1. Home
  2. Knowledge Base
  3. Getting Started
  4. FAQ
  5. Is EIOBoard / Workplace affected by the Log4j Vulnerability?

Is EIOBoard / Workplace affected by the Log4j Vulnerability?

With the recent discovery of the Log4j Vulnerability, Savance can confirm that EIOBoard/Workplace is not vulnerable to CVE-2021-44228 since our solution does not use Log4j for any of our products. After a thorough audit of our code base and cloud environments, we have found no use of the Apache Log4j library. Therefore, we are confident no EIOBoard products are exposed to the Log4j vulnerability as a result of this recently discovered exploit.

 

Our Angular libraries import a log4j library derivative called “log4js-node” module. It is not vulnerable to the same log4j vulnerabilities that exploit the underlying Java Runtime Environment (gmillerd, 2021).
Furthermore, we evaluated our inventoried assets with two vulnerability scripts to reveal any systems running JNDI features–referencing the “JndiLookup.class,” or the log4j-core file hash. None of our inventoried assets referenced the log4j  library.
More info on the Apache Log4j exploit can be found here 

References

CISA. (2021, December 23). Mitigating Log4Shell and Other Log4j-Related Vulnerabilities. CISA. https://www.cisa.gov/uscert/ncas/alerts/aa21-356a
gmillerd. (2022, December 21). Is log4js-node affected by the log4s vulnerability? · Issue #1105 · log4js-node/log4js-node. GitHub. https://github.com/log4js-node/log4js-node/issues/1105

 

Repositories

Was this article helpful?

Related Articles

Need Support?

Can't find the answer you're looking for?
Contact Support