Qmatic is fully aware of CVE-2021-44228 and CVE-2021-45046, referred to as Apache Log4j vulnerability in the Apache Log4j 2 Core library. We are working actively to fully assess the impacts across all Qmatic products and services that may be potentially impacted and will continually provide information to help partners and clients detect, investigate, and mitigate exposure, if any, to their Qmatic products and services.
We have already patched and mitigated the vulnerability for our Managed Services and Qmatic Cloud Solutions clients. We have no reason to believe that the exploit has been used to gain access to any of our clients on our hosted platforms. We are working to communicate any potential mitigation steps needed with our clients that use our on-prem solution and that may have been impacted.
We continue to investigate and monitor the situation as it evolves, and we are committed to working closely with our clients and partners to determine potential impacts and deliver fixes or workarounds as quickly as possible. The security of our products and our clients is our top priority, and we will provide updates as soon as more information becomes available.
For any questions or concerns, please contact support.
For more information about the Apache Log4j vulnerability please visit: https://logging.apache.org/log4j/2.x/