BSI Warning for Log4j Vulnerability
- Home
- chevron_right
- General
- chevron_right
- BSI Warning for Log4j Vulnerability
2021 December 11, German Federal Office for Information Security (BSI) has published an urgent warning regarding the “log4j 2” Java programming library [1]. See [2] for English information on this vulnerability.
DAASI International is not generally using this software library, with few exceptions. The following DAASI International products and solutions are therefore not affected:
- OpenLDAP
- Shibboleth IdP (incl ShibCAS and OIDC plugin), SP und EDS [3]
- didmos1 (LUI, ETL Flow, Provisioner, PwSync, Background Processes)
- midPoint [4]
Some of our products, however, do contain the vulnerable library “log4j 2”. We will approach those customers a.s.a.p. with concrete steps how to remedy their system.
[1]: https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211211_log4Shell_WarnstufeRot.html (in German)[2]: https://www.lunasec.io/docs/blog/log4j-zero-day/ and http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228[3]: https://shibboleth.net/pipermail/announce/2021-December/000253.html
[4]: https://evolveum.com/midpoint-not-vulnerable-to-log4shell
Subscribe to our newsletter
Recent Posts
- Here to spread the word: DAASI International at it-sa 2024
- Federation Services – the new module in didmos
- New partnership: DAASI International and Remelda Technologies for secure and innovative software solutions
- Career in focus: DAASI International at the Tigers Career Day 2024
- AARC revolutionises authentication and authorisation in research
Categories
Newsletter
DAASI Newsletter 01/2024
DAASI Newsletter 02/2024
DAASI Newsletter 03/2024
Past Newsletters