Security Notice: Apache log4j Vulnerability CVE-2021-44228

Info

From December 9, 2021 reports of a Zero Day exploit for Apache Log4j 2.x <= 2.15.0-rc1 were being reported in the wild under CVE-2021-44228.

Question

Are FileWave systems impacted by this exploit?

Answer

FileWave at one point in time (more than 4 years ago) did use log4qt, a C++ implementation of log4j, but its use was discontinued from version 12.4 of FileWave. The Java version of log4j was never used by FileWave.  Therefore FileWave systems (Boosters, Server, IVS, and Clients) are NOT impacted by this vulnerability.