We understand that some of our customers have queries about an exploit affecting the popular Apache Log4j utility, made public on December 9, 2021, that results in unauthenticated remote code execution (RCE). We would like to confirm that Log4j has no impact on Caliber products. More details are below.
About Log4j –
Log4j is a Java-based logging library maintained by the Apache Software Foundation and included with most enterprise products released by the Foundation. A high-severity vulnerability (CVE-2021-44228, CVSSv3 10.0) affecting multiple versions of the Apache Log4j 2 utility was publicly disclosed via the project’s GitHub on December 9, 2021. It affects Apache Log4j 2 versions 2.0 to 2.14.1 and allows unauthenticated remote code execution.
Impact of Log4j on Caliber Products –
- Caliber applications are not susceptible to this vulnerability. Our applications - LIMS, BRM, QMS, DMS, APQR, Training Management or any other Caliber products - do not include any log4j-core jar files.
- Since Caliber applications are not built on Java and this library is not used, our product team confirms that there is no impact on your Caliber applications.
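One way to check an installation directory for the log4j-core jar files this notice refers to, flagging versions 2.0 to 2.14.1. This is an added example, not Caliber's code or tooling; the function names, the constructed sample tree and the extra check for a bundled JndiLookup class are assumptions made for illustration.

```python
import os, re, tempfile, zipfile

JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.I)
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # assumption: extra check for repackaged jars
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def in_affected_range(version):
    """True for 2.0 through 2.14.1, the range stated in the notice."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))
    return (2, 0, 0) <= parts <= (2, 14, 1)

def _record(hits, location, name):
    m = JAR_RE.search(name)
    if m:
        status = "affected" if in_affected_range(m.group(1)) else "outside-range"
        hits.add((location, m.group(1), status))

def scan(root):
    """Return sorted (location, version, status) for each log4j-core finding."""
    hits = set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            _record(hits, path, name)  # jar sitting on disk
            if name.lower().endswith(ARCHIVES) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for entry in zf.namelist():
                        _record(hits, f"{path}!{entry}", entry)  # jar bundled in WAR/EAR
                        if entry == JNDI_CLASS:  # class present, jar name lost
                            hits.add((f"{path}!{entry}", "?", "class-only"))
    return sorted(hits)

def build_sample(root):
    """Constructed sample tree (not real product files)."""
    os.makedirs(os.path.join(root, "lib"))
    with zipfile.ZipFile(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", b"")
        zf.writestr("WEB-INF/lib/log4j-api-2.14.1.jar", b"")
    with zipfile.ZipFile(os.path.join(root, "shaded.jar"), "w") as zf:
        zf.writestr(JNDI_CLASS, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for loc, ver, status in scan(tmp):
            print(f"{status:13} {ver:7} {os.path.relpath(loc, tmp)}")
```

An empty result from `scan()` over an application's install directory is consistent with the statement above that no log4j-core jar files are included; nested archives more than one level deep are not opened.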
For any further queries, please drop an email to email@example.com.