Login AM and Log4j / CVE-2021-44228

This article explains the details surrounding Log4j / CVE-2021-44228 and its involvement in Login AM.

Issue:

Apache Log4j is a widely used Java library used in many commercial and open-source software products as a Java logging framework. The CVE-2021-44228 is a remote code execution (RCE) vulnerability that can be exploited without authentication. The vulnerability's criticality is rated as 10 (out of 10) in the common vulnerability scoring system (CVSS).

Status: Answered

LoginVSI is aware of this vulnerability, has completed investigation, and determined that we do not use Java or the log4j library in any of our products. Therefore we remain unaffected by the Log4j / CVE-2021-44228 vulnerability. We thoroughly checked our code and third party tools.