Airangel constantly reviews and analyses any security incidents that could impact our customers, products, and services. If a security event affects Airangel products and services, we contact affected customers and issue a security advisory. We also often get questions when other security and technology companies disclose breaches ands security events like Log4j.
Log4j2 open source logging framework for Java is subject to a vulnerability which means untrusted input can result via LDAP, RMI and other JNDI endpoints in the loading and executing of arbitrary code from an untrusted source. There is more information here https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
The Airangel team have checked all Products and services and have noted to the following:
- Captivnet (including Connector): AWS Services patched, Log4j2 not used.
- Dataloom: AWS Services patched, Log4j2 not used.
- MyAirangel: Log4j2 not used.
- HSMX: End of support, https://airangel.com/hsmx/, no known exposure
