Written by Amelia Orwick

ViaTech is aware of the recently disclosed security issue relating to the open-source Apache "Log4j2" (CVE-2021-44228). ViaTech products and customer-facing tools do not use Log4j2 as a logging tool and are not susceptible to this vulnerability. Out of an abundance of caution, our team is continuing to review internal systems and monitor this event. 

At this time, ViaTech customers do not need to take any action related to their use of ViaTech software.

We have performed a thorough investigation and found no ViaTech products or customer-facing tools use Log4j2. Since we became aware of the vulnerability, we have taken several steps to identify and mitigate any risk in our products to our customers, including:

  • Full scans of all services to confirm that they do not have a dependency on the Log4j2 library (ViaTech products use a different logging library and do not rely on Log4j2)
  • Updated Web Application Firewall rules to help prevent exploitation attempts

We have requested details of any potential vulnerabilities from all sub-processors of ViaTech products and are monitoring their responses. ViaTech’s most important sub-processors, including Microsoft Azure, Converge Technology Solutions and Cloudflare, were either not vulnerable or have already begun patching the vulnerability across their networks.

ViaTech Cyber Security, which monitors the internal tools used by employees, is systematically reviewing ViaTech’s internal systems. If any system is found to be vulnerable, we will rapidly patch the instance or apply other mitigation tactics as advised by the vendors we use.

If you have specific questions related to this event, please contact ViaTech Support.