ETA Notice Regarding Apache Java Log4j

Emerging Issue: Apache Java Log4j Vulnerability

16 DEC 2021 – A proof-of-concept exploit for the Apache Java Log4j vulnerability, now tracked as CVE-2021-44228, was published on December 9. Attacks started soon after, making the flaw a zero-day (unpatched) issue at the moment of exploitation.

Apache has since released Log4j 2.15.0 which includes a fix. This affects Java-based applications and services that use the library directly, as well as many other popular Java components and development frameworks that rely on it. (Learn more)

ETA Software Products – No Vulnerability

ETA is actively receiving requests regarding this topic.

Important: ETA products are not affected by this high-risk vulnerability.

ETA does not use Java in creation of its products nor do the products include Java-based components. We hope our proactive notification proves helpful as you work to mitigate any risks in your environments.

Our team of CAE experts are ready to discuss your needs and how we can help solve your problems through the right product, our engineering services, or in-client resources.

ETA Notice Regarding Apache Java Log4j

ETA Software Products – No Vulnerability

Contact us

Stay on the forefront of CAE news, events, and innovations by subscribing to our newsletter.