A critical vulnerability was recently discovered in systems and software that run Apache Log4j. More information about this vulnerability can be found here: National Vulnerability Database - CVE-2021-44228 (nist.gov)

This is an industry-wide vulnerability affecting Apache Log4j itself and is not specific to Metalogix Essentials for Office 365.

How does this affect me?

Metalogix Essentials 2.9 ships with Log4j version 2.13, which is susceptible to CVE-2021-44228.

Metalogix Essentials is an on-premises product installed within the protected perimeter of the customer's environment. As such, the exploitability of CVE-2021-44228 is more limited, and consequently the overall risk to the customer environment or data is lower than the published critical severity of CVE-2021-44228.

Metalogix Essentials 2.7 and 2.8 are not affected by CVE-2021-44228, as these versions ship with Log4j version 1.x with no JMSAppender extension. We nonetheless recommend that customers using 2.7 or 2.8 also update to the latest version.

Resolution

To resolve this issue, download Metalogix Essentials 2.9.0.5. Please review knowledge base article 336000 for further details on this issue.

We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future.
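To confirm which of the cases above applies to a given installation, the following added example (not part of the vendor's advisory or the product's tooling) inspects every jar under a folder for the Log4j 2.x `JndiLookup` class and the Log4j 1.x `JMSAppender` class. The folder is supplied by the operator because the page gives no install path, and reading the version from Maven-style file names such as `log4j-core-2.13.0.jar` is an assumption.

```python
import re
import sys
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # Log4j 2.x core
V1_PREFIX = "org/apache/log4j/"                                        # Log4j 1.x classes
JMS_APPENDER = V1_PREFIX + "net/JMSAppender.class"
NAME_RE = re.compile(r"log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?", re.I)  # assumed naming

def in_cve_range(v):
    # Apache: 2.0-beta9..2.14.1 affected, except back-ports 2.3.1+ and 2.12.2+.
    fixed = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 2)}.get(v[:2], (2, 15, 0))
    return v < fixed

def classify(jar_path):
    """Return a verdict for one jar, from its class entries and its file name."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            names = set(jar.namelist())
    except (zipfile.BadZipFile, OSError):
        return "unreadable"
    m = NAME_RE.search(Path(jar_path).name)
    version = tuple(int(g or 0) for g in m.groups()) if m else None
    if JNDI_LOOKUP in names:
        if version is None:
            return "log4j 2.x, version unknown: review"
        if in_cve_range(version):
            return "log4j 2.x in CVE-2021-44228 range"
        return "log4j 2.x outside CVE-2021-44228 range"
    if any(n.startswith(V1_PREFIX) for n in names):
        if JMS_APPENDER in names:
            return "log4j 1.x with JMSAppender: review"
        return "log4j 1.x without JMSAppender"
    return "no log4j classes"

def scan(root):
    """Map each jar under root (by relative path) to its verdict; skip unrelated jars."""
    found = {}
    for jar in sorted(Path(root).rglob("*.jar")):
        verdict = classify(jar)
        if verdict != "no log4j classes":
            found[str(jar.relative_to(root))] = verdict
    return found

if __name__ == "__main__":
    for name, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {verdict}")
```

A renamed or repackaged jar is reported for manual review instead of being given a version it cannot prove.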