Last updated 13/12/2021, 9pm CEST
Status of Log4j vulnerability in LogPoint
Recently, a critical remote code execution vulnerability (CVE-2021-44228), also known as Log4Shell, was discovered, which affects Apache Log4j versions 2.0-2.14.1. Log4j is a popular logging library in Java and is used in several enterprise applications, including LogPoint products.
Vulnerability status of LogPoint products
At this time, we have determined that no LogPoint products are affected by the vulnerability, and we will update this page as we continue our investigations.
For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact your LogPoint representative.
Details of vulnerability by LogPoint product
* Note: log4j v1.2.x is vulnerable to another vulnerability, that is only exploitable when using the class JMSAppender. While LogPoint uses log4j in version 1.2, JMSAppender is not used in LogPoint and we have actively attempted to exploit the vulnerability, confirming that in these cases log4j v1.2 is