Dec. 21, 2021 - Earlier this month, reports of a major cybersecurity vulnerability known as the Apache Log4J2 vulnerability threatened the security of a wide range of software platforms and devices attached to the internet.
After a thorough analysis, DTEN has determined that DTEN solutions, devices and services are not at risk of the Apache Log4J2 vulnerability.
Security Notice regarding Apache Log4J2 Vulnerability CVE-2021-44228
DTEN notes that the industry has made public the technical details and POC of the Apache Log4j2 high-risk vulnerability, vulnerability number CVE-2021-44228. Through this exploit, attackers can directly construct malicious requests to using this vulnerability and trigger remote code execution.
DTEN has completed a review and analysis of our hardware and software products, including our Orbit managed software as a service (MSaaS) product.
Our internal audits have found that DTEN products and services do not utilize any components related to the usage of Log4J or use any affected security components related to the usage of Log4J as defined in CVE-2021-44228.
Vulnerability analysis
The Apache Log4j2 remote code execution vulnerability attack code appeared on the night of December 9th, 2021, according to Slow Fog Security Intelligence.
This vulnerability exploits Apache Struts2, Apache Solr, Apache Druid, And Apache Flink without special configuration.
Scope of vulnerability
It has been verified that none of the DTEN product versions are affected by this vulnerability.
If you have additional questions, please contact DTEN Support at support@dten.com for assistance