Dear Users,
We would like to inform you that Supportcenter Plus is not affected by the recent RCE vulnerability (CVE-2021-44228) reported in the Log4j framework.
What is CVE-2021-44228 vulnerability?
According to the Apache foundation, the reported vulnerability enables "an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled,".
How is Supportcenter plus is not affected by this vulnerability?
Supportcenter plus currently uses a non-vulnerable version (a lower version) of the Log4j framework and therefore it is not affected by the vulnerability. We at Supportcenter plus have also started work to upgrade our Log4j framework to the secure and latest version to avoid any potential threats in the future.