As many of you have already noticed, the zero-day exploit CVE-2021-44228 has been making its rounds in tech/infosec news since early Friday morning:
heise.de / securityboulevard.com
Many partners and customers have already approached us to ask if we are aware of the situation.
The answer is yes. We at Bertsch Innovation are aware of this issue and want to assure you that we are closely following the information security news.
Regarding our own software mediacockpit, we can assure you that mediacockpit and the wildFly Application Server on which it is based are not affected.
Twitter message from WildFly: “WildFly does not depend on the Log4j 2 org.apache.logging.log4j:log4j-core library, so we are not affected by CVE-2021-44228. If your application deployment packages log4j-core we recommend you upgrade ASAP.”
Therefore, there is no immediate need for action regarding mediacockpit. However, we would like to remind everyone that it is always a good idea to keep your systems and software up to date.
If you are using any other Java-based web application software, we recommend that you contact the vendor(s) immediately for more information about the exposure and any patches or mitigation procedures.