EKM are fully aware of CVE-2021-44228 and have performed a full investigation into its potential to impact the EKM Insight product suite software. We can state that we have no risk from this vulnerability.
- All current and historic versions of the EKM Insight DCA and EKM Insight Portal software make no use of the Log4J core library, and do not include it in their distribution, so are not impacted by this security vulnerability.
- The HP SDS JAMC, included with some DCA installations, is not Java-based and so is also unaffected by this vulnerability.
- Some of our messaging servers have been patched to mitigate any chance of this vulnerability being exploited. This patching was fully completed on Monday 13 December 2021.
- Two additional Log4J security vulnerabilities have since been disclosed: CVE-2021-45046 (14-Dec) and CVE-2021-45105 (18-Dec). We have investigated and can confirm that the existing configuration of the Openfire servers already mitigates against these attacks.