Protelesis Security Bulletin
December 9th, 2021 by admin
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library, affecting all Log4j v2 versions prior to 2.15.0, was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.
ProTelesis is also aware of a recently identified Apache Log4j vulnerability:
CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial-of-service attack.
ProTelesis is working closely with our vendors and manufacturers to investigate any potential product exposure related to these vulnerabilities.
A description of these vulnerabilities can be found on the Apache Log4j Security Vulnerabilities page.
This is an ongoing investigation; as such, it is subject to change.
ProTelesis takes IT security very seriously and is making every effort to proactively patch systems that we have access to, or to reach out to customers whose systems are found to be affected by this vulnerability. Security patches are being developed for each system as we determine how each system is impacted by this vulnerability.
For information on Mitel Platforms, please visit the Mitel Product Security Advisory 21-0010 page.