On December 9th a vulnerability involving remote code execution in the Java logging library log4j was disclosed to the public.
The vulnerability was given the highest possible security severity rating.
Given the severity of the issue, and the massive installation base of log4j, we would like to inform you on the impact on L2L DISPATCH to assist you in your own security risk assessments related to the vulnerability.
The short version is that since DISPATCH is a SaaS application without any Java or network dependencies, it is not vulnerable to CVE-2021-44228.
For more information about what you need to know regarding the Log4j vulnerability please click below.
- https://en.wikipedia.org/wiki/Log4Shell
- https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=log4j
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013