Versasec Explains Log4j 2 Library Vulnerability

Date:  2021-12-16
Author: Anders Adolfsson, Product Manager

On a cliff

If you’ve not yet heard, there is now a known remote code execution vulnerability in log4j 2 that could impact a very small subset of Versasec customers

Updated: 2021-12-16

The remote code execution vulnerability (CVE-2021=44228) affects multiple versions of the Apache Log4j 2 library. The risk is that systems using log4j 2.0 – 2.14 could allow an attacker with network access to instruct affected systems to download and execute a malicious payload by submitting a custom-crafted request.

The Versasec technical team has identified one library where log4j 2 is used within or in connection with our vSEC:CMS product suite. It is the third-party SDK used between vSEC:CMS and the UniCERT PKI. Customers using UniCERT are asked to reach out to their Versasec contact.

Our customers who are not using the UniCERT PKI with vSEC:CMS are not impacted by this vulnerability.

We keep staying on top of this issue and will provide any updates as we learn more.

Photo by Cristofer Maximilian on Unsplash

vSEC:CMS

Our product suite provides all the software tools to administrate and manage credentials in a secure and convenient way.

Start here

Free Product Trial

Versasec provides enabling IT security products centered on the usage of security devices such as smart cards. Our solutions enable customers to securely authenticate, issue and manage user credentials more cost effectively. Get a free product trial.

Job Openings

We are always looking for new exceptional persons to join our team! Find out more about our job openings.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Contact Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact.

Visit our Blog
Share this article