Security Alert for Log4j CVE-2021-44228 - Security Advisory TWA SEC 3655

TCPWave Security
Date: December 14, 2021

All versions of TCPWave DDI Products (DNS, DHCP, IP Address Management)


A critical vulnerability in the Apache Log4j Java logging library, affecting all Log4j2 versions prior to 2.15.0, was disclosed under CVE-2021-44228. The CVE description states that Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI-related endpoints.


TCPWave DDI Products are not impacted by CVE-2021-44228. The TCPWave DDI Products do not allow Log4j message substitution, so the remote code execution vulnerability is not possible within TCPWave Products. TCPWave engineers have confirmed through exhaustive security penetration testing that no vulnerabilities exist.


No workaround is required.


No action is required.


Customers with questions on this alert can contact TCPWave Support at [email protected].

TCPWave Security