Information on critical Log4j 2.x vulnerability

taperez

2021-12-13 08:14

We have been informed that a critical vulnerability in Java application, Log4j 2.x was reported recently. Just want to check with you if Skyline software runs on Log4j 2.x or uses it for its application.

Let us know.

Thank you,
Tatiana Perez

IA-2021-005_ Widespread Exploitation of a Critical Apache Utility Vulnerability Likely in the Near-Term.pdf

NYC21-0306 APACHE LOG4J 0-DAY VULNERABILITY.pdf

Restricted_[AgencyName]_Log4J CVE-2021-44228.xlsx

Brendan MacLean responded:	2021-12-13 12:20
Hi Tatiana, Skyline itself is a client application written in C#, which does not use Log4J (a Java library), making it in no way susceptible to this issue. Our websites (Skyline.ms and PanoramaWeb.org) were flagged as susceptible to this issue on Friday, and taken down until we could resolve the security vulnerability. I am happy to report that our websites are now also not susceptible and open for support requests like this one. Thanks for checking in. We believe that all of our software is not vulnerable to this potential exploitation related to Log4J. --Brendan