Update on Apache Log4j2 Vulnerability
Security Advisory
A vulnerability within the Apache Log4j2 tool was identified on Friday, December 10, 2021: CVE-2021-4428. Log4j is a logging framework created by Apache and used widely across the internet. Many services across different industries are potentially vulnerable.
Our engineering teams are conducting a complete assessment, and to-date have found no evidence of any compromise on any insightsoftware servers. Regardless, we have remediated all open, public-facing systems where there was a vulnerable version of this tool being used.
insightsoftware Products:
insightsoftware can confirm that the following products and services are not vulnerable to the Apache Log4j vulnerability:
- ArcPlan (LongviewAnalytics)
- Atlas
- BizInsight
- Bizview
- Calumo
- Certent CDM
- Certent DM
- CXO
- Event 1
- Exago
- Hubble
- IDL
- Intellicast
- Izenda
- Jet Analytics
- Jet Reports
- Logi Composer
- Longview Tax and Close
- Magnitude Angles for Oracle (Noetix)
- Magnitude Agility (SaaS version)
- Magnitude Angles Cloud
- Magnitude Kalido (SaaS version)
- Mekko Graphics
- Spreadsheet Server
- Tidemark
- ViaReport Consol
- ViaReport Lease
- Wands for Oracle
- Wands for SAP
The following on-premises products that are used within customers’ networks but not open to general Internet traffic, may have a vulnerable version of Apache log4j if the customer is not restricting application usage to authenticated users within its network. insightsoftware has provided a configuration workaround to remediate the issue on the product support pages:
- Konsis
- Logi Info
- Logi Report
- Logi Info
- Magnitude Agility.
- Magnitude Angles for SAP
- Magnitude Noetix Analytics
- Magnitude Angles Hub
- Magnitude Kalido
- Magnitude Simba (DynamoDB, MongoDB, DataStacks, Neo4j, Spark, Hive, Impala)
- Magnitude SourceConnect Harmonization
insightsoftware continues to monitor this developing situation. Please check back here for updates.