Log4j Vulnerability and Acmeware Products and Services
We are aware of the recent Log4J security vulnerability announcement, CVE-2021-44228 and CVE-2021-45046. We would like to inform you that Acmeware developed products and other products used by Acmeware do not contain the Log4J libraries. More information and guidance on the vulnerabilities can be found at https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance.
All Acmeware developed products you may have installed in your infrastructure (OneView, Downtime Defender, and other custom software) are written in the .Net language which commonly does not use the Log4J libraries and have been confirmed to not be at risk for this vulnerability. The following Acmeware-supported third-party products have also been evaluated and are not vulnerable: Microsoft SQL Server, SQL Server Management Studio, Visual Studio, QMS ONC CHART, Splashtop, and Beyond Compare.
We are continuing to test our services to see whether they are vulnerable, and if/where applicable, will take the necessary actions. We are also monitoring further development of this vulnerability and additional announcements will be made as necessary.
If there are any questions regarding your Acmeware supported software or services, please open a ticket at https://support.acmeware.com/ .