Protelesis Security Bulletin

December 9th, 2021 by admin

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library that is affecting all Log4j v2 versions prior to 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.

ProTelesis is also aware of recently identified Apache Log4j vulnerability:

CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial-of-service attack.

ProTelesis is working closely with our vendors and manufacturers to investigate any potential product exposure related to these vulnerabilities.

A description of these vulnerabilities can be found on the Apache Log4j Security Vulnerabilities page.

This is an ongoing investigation, as such it is subject to change.

ProTelesis takes IT security very serious and is making every effort to proactively patch systems that we have access to, or reach out to customers whose systems are found to be included in this vulnerability. Security patches are being developed for each systems as we determine how each system is impacted by this vulnerability.

For information on Mitel Platforms, please visit the Mitel Product Security Advisory 21-0010 page.

Posted in: IT Security

Get In Touch

Want to know more about how a particular solution can help your business? Get connected. From beginning to end, communication is the key to our success. You will be communicated with every step of the way and throughout the entire process. And in the end, you’ll have the utmost confidence in your staff, and the products and/or services we have provided for you.

Contact Form