GOM informs customers on Log4j
According to a statement by the German Federal Office for Information Security (BSI), a new warning level applies to the Java library Log4j. The vulnerability has been assigned the highest assignable CVSS value of 10.0.
The critical vulnerability (named Log4Shell) in the widely used Java library Log4j can lead to a critical threat, according to the BSI. The BSI has therefore upgraded its existing cyber security warning to the Red warning level. The reason for this assessment is the very wide distribution of the affected product and the associated impact on countless other products.
After analyzing the BSI statement on the vulnerability (CVE-2021-44228) and reviewing the FOSS components used, GOM GmbH can rule out that the vulnerability is present, since Log4j is not included.
There is therefore no threat to the releases of the GOM Suite, GOM Software 2021 (Final Release as well as Hotfix 1 to Hotfix 3) and GOM Software 2020 (Final Release as well as Hotfix 1 to Hotfix 6), or to the third-party components included with them.
A list of all FOSS components used can be requested from GOM Support. This list is also included in the direct help of the GOM Software.
Please do not hesitate to contact our GOM Support if you have any questions.