Journyx is actively following the security vulnerability in the open-source Apache "Log4j 2" utility (CVE-2021-44228). We are currently assessing the potential impact of the vulnerability for Journyx products and services. This is an ongoing event and we will continue to provide updates to this security bulletin as needed.
Background:
A critical remote code execution vulnerability impacting at least Apache Log4j 2 (versions 2.0 to 2.14.1) was recently announced by Apache. This vulnerability is designated by Mitre as CVE-2021-44228 with the highest severity rating of 10.0. The vulnerability is also known as Log4Shell by security researchers. If exploited, this vulnerability allows adversaries to potentially take full control of the impacted system.
Log4j 2 is a commonly used open source third party Java logging library used in software applications and services.
Journyx has reviewed our supported products for impact and have currently found nothing to indicate that this vulnerability applies to the Journyx products or services.
Products Investigated:
Investigation has found no evidence of impact to these products by CVE-2021-44228.
- Journyx Application (all versions)
- Journyx Accountlink (all versions)
- Journyx Mobile Application (iOS and Android)
- Clock Mobile Application (iOS and Android)
- Journyx Cloud Hosting
- Acumen Application (all versions)
- Acumen Mobile Application (iOS and Android)
- Acumen Cloud Hosting
Information on this page last updated 1:22PM CST on December 21, 2021.