We would like to inform you that ServiceDesk Plus MSP is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework.
What is CVE-2021-44228 vulnerability?
According to the Apache foundation, the reported vulnerability enables "an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled,".
How is ServiceDesk Plus MSP is not affected by this vulnerability?
ServiceDesk Plus MSP currently uses a non-vulnerable version (a lower version) of the Log4j framework and therefore it is not affected by the vulnerability. We at ServiceDesk Plus MSP have also started work to upgrade our Log4j framework to the secure and latest version to avoid any potential threats in the future.
PS : Please note we already stopped supporting version less than 10.5 (10500 builds). To get more updates , please upgrade your instance in case you are in lower versions.
SDP MSP Team