Security Announcement [December 2021] – Apache Log4j

On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a vulnerability in the Apache Log4j2 library. The Apache Log4j2 utility is a commonly used component for logging requests. This vulnerability could allow a system running Apache Log4j version 2.14.1 or below (exclude 2.12.2) to be compromised and allow arbitrary code to be executed.

In response to the reported vulnerability Apache Log4j2 Java library, we have investigated internally our products and we identified:

Main Products Confirmed Not Affected

Our main product are safe as Apache Log4j2 Java library are not being implemented in our products. The main products mentioned are:

  • Chat SDK
  • Qiscus Multichannel

Affected Products

We found one of the services in Meet SDK was affected. We immediately fixed this. However, if you are not using Meet SDK you are never affected by this issue.

Summary

We take the protection of our customers’ data very seriously. We are aware of the recently disclosed Apache Log4j2 vulnerability. We have fixed the issue in our product. Now you are safe to use our products. If you have any questions or problems regarding these vulnerabilities please contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like