Majestix69

[Majestix69]

Can you please give a statement about your services and devices regarding log4j vulnerability (CVE-2021-44228)?

[Giancarlo]

As officially communicated on Saturday, December 11, 2021 (hopefully your company received such communication), Domotz has not been impacted by the Log4j critical vulnerability. 

This was the message from the weekend:
 

Dear users,

On Friday, December 10th, a vulnerability was detected in Log4j, a very common java library used by millions of software applications worldwide.

The services exposed by Domotz do not use Java and, as a result, our engineers excluded the possibility that external attackers can exploit this Log4j vulnerability and pose any threat to our service and our customers. 

More details can be found here:
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce
https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java

Our team will keep monitoring the situation closely and reviewing it as it evolves to ensure that our service maintains the highest level of security.

If you have any questions or concerns, please feel free to email support@domotz.com.

Thank you for your attention.

The Domotz Team

 

As a matter of fact, Domotz DevOps team has worked continuously since last Friday to identify (and eventually isolate) any possible impact on our infrastructure. Last Monday, even other minor applications used in our development environment has been confirmed as completely safe from the critical vulnerability impacting log4j library.