The Log4j makes an appearance
A recent zero-day vulnerability impacting the Apache Log4j library was made public on December 9, 2021, and assigned the tag, CVE-2021-44228, scoring 10 of 10 on the Common Vulnerability Scoring System (CVSS).
The team at Hexnode is aware of this exploit. Nonetheless, we would like to assure our customers that none of our products, services, websites, and internal or third-party infrastructure uses the Apache Log4j module for logging purposes, and hence, are not affected by this vulnerability.
We will continue to track updates around this vulnerability and will offer more information as they become available.
Log4j vulnerability overview – Hexnode is not affected
Following the Log4j exploit, Hexnode conducted a comprehensive security impact assessment to identify any potential vulnerabilities that may have arisen. The following are the results from the assessment.
- The Hexnode UEM cloud platform does not run on Java or use the Log4j library and is unaffected by this vulnerability.
- Similarly, our internal infrastructure does not run on Java or uses the Log4j library and is thus unaffected.
- All of our third-party tools and services that use Java have been thoroughly inspected and confirmed, and are found to be unaffected by these vulnerabilities.
We’re here for you
In the wake of this vulnerability, we understand that many of our customers and partners are concerned about Log4j’s potential threats to data security. You can rest assured, Hexnode is unaffected, and we do not anticipate any downtime.
As part of our standard operating procedure, we will continue to monitor the situation including third party services we use. If you have additional questions, you can always reach out to firstname.lastname@example.org.