Late last month, a major security vulnerability was discovered in the widely used logging library Log4j, that allows a malicious third party to execute arbitrary code on a vulnerable system and potentially take full control of a system.
This library is developed and maintained by Apache, and the Apache team has already released a patch to resolve the vulnerability on affected systems – upgrading Log4j to this latest patch will removes the issue – you can find information released by Apache here.
However, according to Mark Cunnington, none of Inner Range’s products utilize Log4j in any form.
“All 3 of our security and access control systems (Integriti, Inception and Insight), our cloud platforms (SkyTunnel, Skycommand, Keypoint and Multipath), and our alarm reporting devices (T4000) use internally developed logging code that caters to the requirements of our systems and are not affected by this vulnerability,” Cunnington said.
“While Inner Range’s suite of products are not affected by the vulnerability, this does not cover various systems that our products are integrated with, due to possible vulnerabilities in the 3rd party products. This includes applications that utilize our REST API, DUIM, and Review IO functions. Customers seeking clarification on these should direct their enquiries to the vendors of those 3rd party products.”
If you have any questions call Inner Range +61 3 9780 4300.
#sen.news #SEN #SENnews #security #electronics
