Hi neilusobrien,
Please find the below update from the support page regarding this vulnerability:
Advisory: Critical vulnerability CVE-2021-44228 affecting the Apache Log4j library
KX is aware of a widely reported critical vulnerability (CVE-2021-44228) affecting the Apache Log4j library, where attackers can leverage log messages or log message parameters to perform remote code execution on vulnerable systems. It is recommended that customers who utilise Apache Log4j upgrade to version 2.15.0, which addresses this vulnerability.
Actions taken
As a critical vulnerability, we have reviewed the security of our platform. No vulnerable versions of the Log4j library have been uncovered within the KX software that has been shipped to customers. As always, the security of customers is of paramount importance. If and when further information becomes available, we will update this page accordingly. If you have concerns or questions, please visit support.kx.com.
Please see the support page for further updates.
Kind regards,
David