SnapComms Response to Log4j exploit

Customer notification

On Friday 10th December, we became aware of a vulnerability affecting Apache Log4j.The vulnerability CVE-2021-44228, also nicknamed Log4Shell, can be exploited by forcing Java-based apps and servers, where the Log4j library is used, to log a specific string into their internal systems.
 
The SnapComms products are not directly affected by this vulnerability, as we can confirm the Log4j library is not used. We have confirmed with upstream vendors that they are not vulnerable in the services they are providing for the SnapComms platform.