On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a vulnerability in the Apache Log4j2 library. The Apache Log4j2 utility is a commonly used component for logging requests. This vulnerability could allow a system running Apache Log4j version 2.14.1 or below (exclude 2.12.2) to be compromised and allow arbitrary code to be executed.
In response to the reported vulnerability Apache Log4j2 Java library, we have investigated internally our products and we identified:
Main Products Confirmed Not Affected
Our main product are safe as Apache Log4j2 Java library are not being implemented in our products. The main products mentioned are:
- Chat SDK
- Qiscus Multichannel
Affected Products
We found one of the services in Meet SDK was affected. We immediately fixed this. However, if you are not using Meet SDK you are never affected by this issue.
Summary
We take the protection of our customers’ data very seriously. We are aware of the recently disclosed Apache Log4j2 vulnerability. We have fixed the issue in our product. Now you are safe to use our products. If you have any questions or problems regarding these vulnerabilities please contact us.
