[Security Advisory] Supportcenter Plus is not affected by CVE-2021-44228

Dear Users,

 

We would like to inform you that Supportcenter Plus is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework.

 

 

What is the CVE-2021-44228 vulnerability?

 

According to the Apache Foundation, "an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled."

 

 

Why is Supportcenter Plus not affected by this vulnerability?

 

Supportcenter Plus currently uses a non-vulnerable version (a lower version) of the Log4j framework and is therefore not affected by the vulnerability. We at Supportcenter Plus have also started work to upgrade our Log4j framework to the latest secure version to avoid any potential threats in the future.


PS: Please note that we have already released version 11.0 and its service pack. To get further updates, please upgrade your instance if you are on a lower version.

You can contact our support at support@supportcenterplus.com for any assistance.

Thanks
Santhosh
SCP Team
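
A file-name check an administrator could run to see which Log4j jars an installation ships and whether each falls in the range affected by CVE-2021-44228; this is an added example, not Supportcenter Plus or vendor code. The range it uses (log4j-core 2.0-beta9 through 2.14.1, with fixes backported to 2.3.1 and 2.12.2) comes from Apache's public advisory rather than from this page, the verdict covers this CVE only, and renamed or shaded jars report as unknown.

```python
import re
from pathlib import Path

# log4j-1.2.17.jar (1.x naming) or log4j-core-2.14.1.jar / log4j-core-2.0-beta9.jar
JAR_RE = re.compile(
    r"^log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$",
    re.IGNORECASE,
)

def classify(jar_name: str) -> str:
    """Classify one jar file name with respect to CVE-2021-44228 only."""
    m = JAR_RE.match(jar_name)
    if not m:
        return "unknown"  # e.g. log4j-api, bridge jars, renamed or shaded jars
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    pre, pre_n = (m[4] or "").lower(), int(m[5] or 0)
    if major == 1:
        return "not affected (1.x)"
    if major != 2:
        return "unknown"
    # The JNDI lookup arrived in 2.0-beta9; earlier pre-releases lack it.
    if (minor, patch) == (0, 0) and (pre == "alpha" or (pre == "beta" and pre_n < 9)):
        return "not affected (pre-beta9)"
    # Security backports for older Java lines: 2.3.1+ and 2.12.2+.
    if (minor == 3 and patch >= 1) or (minor == 12 and patch >= 2):
        return "fixed"
    return "affected" if (minor, patch) <= (14, 1) else "fixed"

def scan(root: str) -> dict:
    """Map every log4j*.jar under root (relative path) to its classification."""
    return {str(p.relative_to(root)): classify(p.name)
            for p in sorted(Path(root).rglob("log4j*.jar"))}

if __name__ == "__main__":
    import sys
    # Usage: python check_log4j.py <install-dir>  (script name is an assumption)
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{verdict:28} {path}")
```

A file name is only a first pass; jars bundled inside WAR/EAR archives or repackaged under another name need their contents inspected.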