Published: 2021-12-14 12:34
On December 9, 2021 a vulnerability was disclosed affecting Apache Log4j Java library Log4j2 2.0 <= version <= 2.14.1 deemed critical. A subsequent security patch to mitigate the vulnerability was released on Dec 10, 2021. The vulnerability is described in detail at https://logging.apache.org/log4j/2.x/security.html.
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Tosibox has concluded investigation on its products and services to determine possible impacts. The investigation revealed vulnerable library versions that were used in Tosibox services. The vulnerable library versions have been upgraded on all impacted services. All Tosibox services are patched and fully functional.
TOSIBOX® Lock, TOSIBOX® Lock for Container, TOSIBOX® Key, TOSIBOX® Virtual Central Lock, TOSIBOX® Central Lock products are not impacted by the vulnerability.
Security advisory on vulnerability in Apache Log4j library CVE-2021-44228
Modified on: Tue, 14 Dec, 2021 at 12:36 PM
Check product details on our website
Did you find it helpful? Yes No
Send feedbackSorry we couldn't be helpful. Help us improve this article with your feedback.