Emerging Issue: Apache Java Log4j Vulnerability

16 DEC 2021 – A proof-of-concept exploit for the Apache Java Log4j vulnerability, now tracked as CVE-2021-44228, was published on December 9. Attacks started soon after, making the flaw a zero-day (unpatched) issue at the moment of exploitation.

Apache has since released Log4j 2.15.0 which includes a fix. This affects Java-based applications and services that use the library directly, as well as many other popular Java components and development frameworks that rely on it. (Learn more)

ETA Software Products – No Vulnerability

ETA is actively receiving requests regarding this topic.

Important: ETA products are not affected by this high-risk vulnerability.

ETA does not use Java in creation of its products nor do the products include Java-based components. We hope our proactive notification proves helpful as you work to mitigate any risks in your environments.