CVE-2021-44228 Myers Information Services
To All Myers Clients:
Please be advised that we are aware of the recently reported Apache Log4J2/Log4Shell zero-day vulnerability (NVD – CVE-2021-44228). Following the initial report on 12/10/21, Myers’ engineering team has conducted an extensive review of our product offerings to assess any potential threat to Myers clients.
Our findings are as follows:
- • Myers uses the Spring Boot framework for all Java-based applications
- • Myers’ configuration of Spring Boot uses the default logging system provided and not Log4J2.
- • None of Myers’ products use log4j-core
- • Per the Spring Boot statement regarding Log4J2 vulnerability (Log4J2 Vulnerability and Spring Boot), the jars included and used in their default logging cannot be exploited on their own and only applications using log4j-core are vulnerable.
Please be assured that Myers products are not affected by the recently disclosed Log4J2/Log4Shell zero-day vulnerability. Further, we are closely monitoring the situation and will notify you of any updates that may affect your internal systems.
The Myers Team