[Security Advisory] ServiceDesk Plus MSP is not affected by CVE-2021-44228

Dear Users,

 

We would like to inform you that ServiceDesk Plus MSP is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework.

 

 

What is the CVE-2021-44228 vulnerability?

 

According to the Apache foundation, the reported vulnerability means that "an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled."

 

 

How is ServiceDesk Plus MSP not affected by this vulnerability?

 

ServiceDesk Plus MSP currently uses a non-vulnerable version (a lower version) of the Log4j framework and therefore it is not affected by the vulnerability. We at ServiceDesk Plus MSP have also started work to upgrade our Log4j framework to the secure and latest version to avoid any potential threats in the future.


PS: Please note that we have already stopped supporting versions lower than 10.5 (10500 builds). To get more updates, please upgrade your instance if you are on a lower version.

Thanks
Santhosh
SDP MSP Team


