Published on Dec 14, 2021
On December 9th 2021, a 0-day exploit in the Java logging library log4j (version 2) published as CVE-2021-44228, (critical CVSSv3 10) was divulgated.
We are currently investigating the potential impact of these vulnerabilities for our WEBfactory branded products, currently no investigated product has used the vulnerable component.
An affected product may be vulnerable to remote Code Execution (RCE) by logging a certain string. All WEBfactory products confirmed unaffected by Log4Shell vulnerabilities.
All versions of the following products are not vulnerable:
Further information on the overall situation is available from the Federal Office for Information Security.