Apache Log4j vulnerability (CVE-2021-44228)
TIG is aware of the recently published security vulnerability in Apache Log4j (CVE-2021-44228 also referred to as Log4Shell). TIG started a security investigation immediately as this vulnerability was published. The current state as of 21.12.2021:
Products by TIG are not affected. This includes:
- tigPLS
- TIG authentig (Core, Suite, InspectionApp, MaintenanceApp, ProductionMonitor, Console, WebTerminal, shopfloor app, spp)
With the installation of authentig, TIG may have installed software products from other vendors, which could be affected:
- QlikView (Business Intelligence) – not affected at the moment of writing
https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - Talend (Data Integration for our ERP-Interface) – affected
We have already contacted our customers based on our records to fix the vulnerability.
If you are using Talend and you yet have not be contacted by us, please get in touch with our service.
https://www.talend.com/de/security/incident-response/ - ENGEL (e.g.: Offline Viewer) – not affected
https://www.engelglobal.com/en/at/log4j-vulnerability.html
