On Dec 9th, 2021, security researchers published a report of a high risk “zero day” vulnerability (CVE-2021-44228) affecting a common software package (Apache Log4J) that can allow remote code execution.
Axio360 is not built on the Java programming language and thus is unaffected by the vulnerability.
Axio engineering and IT teams immediately investigated the vulnerability and are continuously assessing our own systems for potential impact. We are also in contact with our vendors as a part of our third-party risk management process to further assess any potential impact.
Protecting our customers’ data is our top priority and at this time there is no action that you need to take in regard to the Axio360 platform.
*** This is a Security Bloggers Network syndicated blog from Axio authored by Axio. Read the original post at: https://axio.com/insights/axios-statement-on-the-log4j-vulnerability-cve-2021-44228/