Late last month, a major security vulnerability was discovered in the widely used logging library Log4j. The vulnerability allows a malicious third party to execute arbitrary code on a vulnerable system and potentially take full control of the system.
This library is developed and maintained by Apache, and they have already released a patch to resolve this issue on affected systems. Apache have announced that upgrading Log4j to this latest patch will remove this vulnerability.
Please find official information released by Apache here: https://logging.apache.org/log4j/2.x/security.html
Inner Range’s Position
None of Inner Range’s products utilize Log4j in any form. All three of our Security and Access Control Systems (Integriti, Inception and Insight), our cloud platforms (SkyTunnel, Skycommand, Keypoint and Multipath), and our alarm reporting devices (T4000) use internally developed logging code that caters to the requirements of our systems and are not affected by this vulnerability.
Whilst Inner Range’s suite of products are not affected by the vulnerability, our statement does not cover various systems that our products are integrated with due to possible vulnerabilities in the 3rd party products. This includes applications that utilize our REST API, DUIM, and Review IO functions. Customers seeking clarification on these should direct their enquiries to the vendors of those 3rd party products.