- 26 Jan 2022
Nectar Response to Apache Log4j Vulnerability
- Updated on 26 Jan 2022
Issue Updated Jan 14, 2022
Overview
A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228. This advisory also covers CVE-2021-45046 and CVE-2021-4104.
Similar to other users of Apache Log4j, Nectar has investigated to determine which products and internal systems may be affected by this. Maintaining the safety and security of all Nectar products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.
Affected Products
Nectar has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.
If you are using Nectar products other than those explicitly listed below, no further action is required by you at this time. Nectar DXP (formerly Nectar 10), UC Diagnostics, CX Assurance and the Endpoint Client do not use Log4J in any way.
| Product | Mitigation |
| --- | --- |
| Foundation RIG | Update to version 2021.3 or 8.7.5 |
| Foundation CIP | Update to 7.4.1.3 (Log4J v2.6.2 with JndiLookup removed); Update to 5.5.4.19 (Log4j v2.12.4, not vulnerable) |
For any questions or assistance with upgrading, please contact Nectar’s Support Team by emailing support@nectarcorp.com or calling 1-888-811-8647.
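One way to confirm after an update that a Java archive no longer ships the Log4j 2 `JndiLookup` class, which is the mitigation listed for Foundation CIP 7.4.1.3. This is an added example, not Nectar's own tooling; the function names and the sample archives are hypothetical and constructed in memory, and on a real system you would pass in the bytes of the archive under inspection.

```python
import io
import zipfile

# Location of the class inside log4j-core 2.x; the mitigation deletes this entry.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, name="<archive>", depth=0, max_depth=5):
    """Return the path of every JndiLookup.class inside an archive.

    Recurses into nested archives, because fat JARs and WARs bundle
    log4j-core inside themselves. Archives that cannot be opened are
    reported for manual inspection instead of being skipped silently.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{name} (unreadable archive, inspect manually)"]
    hits = []
    with archive:
        for entry in archive.namelist():
            if entry.endswith(JNDI_LOOKUP):
                hits.append(f"{name}!/{entry}")
            elif entry.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                hits += find_jndi_lookup(
                    archive.read(entry), f"{name}!/{entry}", depth + 1, max_depth
                )
    return hits


def build_jar(entries):
    """Build an in-memory archive from {entry name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry, content in entries.items():
            z.writestr(entry, content)
    return buf.getvalue()


# Constructed samples: placeholder bytes, not real class files.
unpatched = build_jar({JNDI_LOOKUP: b"stub", "META-INF/MANIFEST.MF": b""})
stripped = build_jar({"META-INF/MANIFEST.MF": b""})
fat_app = build_jar({"lib/log4j-core.jar": unpatched, "lib/other.jar": stripped})

if __name__ == "__main__":
    for label, blob in [("stripped.jar", stripped), ("fat-app.war", fat_app)]:
        found = find_jndi_lookup(blob, label)
        print(label, "->", found or "JndiLookup.class not present")
```

An empty result only shows that the class is absent from the archive that was scanned; nested archives deeper than `max_depth` are not opened.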
Additional Resources
- External: CVE-2021-44228
- External: CVE-2021-45046
- External: CVE-2021-4104
- External: CISA Log4j Vulnerability Guidance