Security advisory on vulnerability in Apache Log4j library CVE-2021-44228

Modified on Tue, 14 Dec 2021 at 12:36 PM

Published: 2021-12-14 12:34

On December 9, 2021, a vulnerability deemed critical was disclosed in the Apache Log4j Java library, affecting Log4j2 versions 2.0 <= version <= 2.14.1. A security patch to mitigate the vulnerability was subsequently released on Dec 10, 2021. The vulnerability is described in detail at https://logging.apache.org/log4j/2.x/security.html.

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Tosibox has concluded its investigation of its products and services to determine possible impacts. The investigation revealed that vulnerable library versions were used in Tosibox services. The vulnerable library versions have been upgraded on all impacted services. All Tosibox services are patched and fully functional.

The TOSIBOX® Lock, TOSIBOX® Lock for Container, TOSIBOX® Key, TOSIBOX® Virtual Central Lock, and TOSIBOX® Central Lock products are not impacted by the vulnerability.