On Friday, December 10, Miovision became aware of a critical vulnerability in the Apache Log4j software library. Log4j provides logging capabilities to Java applications and is used by millions of enterprise software systems.
The Miovision team has been acting swiftly in response to the vulnerability (CVE-2021-44228) and opened an internal investigation. The Log4j library is not used extensively by Miovision services. Our investigation confirmed that where it is being used has not been impacted by this vulnerability. Additionally, we leveraged our security partners to perform a targeted vulnerability scan of our environment. The scan validated the finding of our investigation, and Miovision services are not affected.
We will continue to monitor the situation for any additional activities needed to protect our customers. For more information, this vulnerability is described fully here and has received extensive media coverage as vulnerable systems are actively being targeted by malicious actors. Should you have any further questions, please reach out to our support team.