Regarding the above mentioned vulnerability we would like to inform you that in our products SwyxWare and SwyxON as well as all add-ons, e.g. Swyx Analytics or Swyx VisualGroups, the Log4J library is not used. The products are therefore not affected by the zero-day vulnerability (CVE-2021-44228).
For software and hardware of the following manufacturers we have received feedback so far:
ASCOM (DECT 800): not affected
AudioCodes (SwyxConnect) Mediagateways / Mediapacks: not affected
C4B: not affected -> https://www.c4b.com/de/news/log4j.php
ESTOS: not affected -> estos von kritischer Schwachstelle in log4j (CVE-2021-44228) nicht betroffen
Swyx Analytics / Aurenz: not affected -> Support für Businesspartner (aurenz.de)
Atos / Unify: Tnot affected -> Security Advisory (unify.com)
Jabra Direct und Hardware: not affected
RTX (DECT 500): not affected
Yealink: not affected
POLY: not affected ->
Microsoft has confirmed to us that with the installation of MSSQL Express 2019 , part of the Swyx DVD package, log4j.jar files version 1.2.x are automatically installed. This version is not affected by the severe zero-day vulnerability in CVE-2021-44228 and is also only used when third-party applications perform accesses to the MSSQL server via JAVA. Our Swyx software does not use JAVA based accesses, so by using SwyxWare at no time an attack can be executed via the above mentioned gap.
If a customer installs Java support and uses Java archives (JARs) that depend on the Log4j 2 library, Microsoft recommends to upgrade to the latest version or to remove the Java archives
Comments
0 comments
Article is closed for comments.