SimpleK > Ticket > Knowledgebase

log4j vulnerability CVE-2021-44228 impacts on SimpleK

Solution On 10 December 2021, Apache released a Security Advisory highlighting a critical remote code execution vulnerability in Log4j, a widely deployed Java-based logging utility. Open-source reporting indicates that active scanning and exploitation of this vulnerability have been observed.

The SimpleK software has been validated against this threat and no vulnerabilities have been detected. Here are some highlights of this validation:

- SimpleK is built on .Net Framework and does not rely on any Java components.
- The SimpleK web module add-on is built on ASP.NET and is intended to be run on Microsoft IIS web server. It is not running on Apache Web server. log4j is not included the module deployment package.
- The SimpleK mobile applications does not use java based code.
- SimpleK databases are managed on Microsoft SQL Server infrastructure. No vulnerabilities on SQL Server have detected.

We are still actively monitoring the situation and any updates will be posted here.
Was this article helpful? yes / no
Article details
Article ID: 50
Category: Knowledgebase
Date added: 2021-12-13 15:32:07
Views: 177
Rating (Votes): Article rated 5.0/5.0 (2)

<< Go back

Powered by Help desk software HESKTM

2021 SimpleK