Skip to main content

Information concerning the Log4j security breach

 

On 12/13/2021, BSI announced that a critical vulnerability in the widely used Java library Log4j had been detected and gave it its highest severity level rating. Log4j is an open-source Java logging library that is widely used in a number of software applications around the world. 

 

We would like to reassure you that, regardless of this critical vulnerability, no consequences are currently expected with regard to the operation of our software solutions. 

With regard to the use of Log4j and our products, we wish to make the following statement: 

  • versiondog - not affected 
    • versiondog’s code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j. 
       
  • automation solution center - not affected 
    • The automation solution center code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j. 
       
  • Asset Inventory Service - not affected
    • The Asset Inventory Service’s code is NOT based on the Log4j Java library, nor does it use any other software that is directly linked to Log4j. 
       
  • AutoSave (all versions) - not affected
    • AutoSave’s code is NOT based on the Java library Log4j and does not use any other software thathas a direct dependency to Log4j.
       
  • AutoSave for System Platform (A4SP) - not affected
    • AutoSave for System Platform’s code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.
       
  • AutoSave Portal - not affected
    • The code in the AutoSave Portal is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.
       
  • MDT Link (MDT Online Resource Center) - not affected
    • The MDT Link code is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.
       
  • All MDT websites - not affected
    • The code in all MDT websites is NOT based on the Java library Log4j and does not use any other software that has a direct dependency to Log4j.


We would like to once again reassure you that all our products, applications, and servers used with regard to the operation and development of our software, are permanently maintained and updated by our IT & Security team. Both regular and security-related updates are always installed on all our systems as soon as possible after they appear. 

You can always be sure that potential vulnerabilities (once detected) are analyzed within the shortest amount of time and will be counteracted using the appropriate measures. 

If you have any questions, please contact your AUVESY contact or email us at security@auvesy.de.