Customer Service Notice CVE-2021-4428



CVE-2021-44228 Myers Information Services

To All Myers Clients:

Please be advised that we are aware of the recently reported Apache Log4J2/Log4Shell zero-day vulnerability (NVD – CVE-2021-44228).  Following the initial report on 12/10/21, Myers’ engineering team has conducted an extensive review of our product offerings to assess any potential threat to Myers clients.

Our findings are as follows:

  • • Myers uses the Spring Boot framework for all Java-based applications
  • • Myers’ configuration of Spring Boot uses the default logging system provided and not Log4J2.
  • • None of Myers’ products use log4j-core
  • • Per the Spring Boot statement regarding Log4J2 vulnerability (Log4J2 Vulnerability and Spring Boot), the jars included and used in their default  logging cannot be exploited on their own and only applications using log4j-core are vulnerable.

Please be assured that Myers products are not affected by the recently disclosed Log4J2/Log4Shell zero-day vulnerability.  Further, we are closely monitoring the situation and will notify you of any updates that may affect your internal systems.

Sincerely,

The Myers Team

Categories

Archives

Events

Share this Post

Grow With ProTrack

Put our experience and expertise to work for you. Begin building your perfect system, backed by the right team.

Request Demo About ProTrack