Nx Witness VMS and other Powered by Nx products are not affected by the Log4shell vulnerability.
How do we know? Because no part of our software platform uses the Apache Framework’s widely-used logging tool Log4j. It’s just that simple!
So everyone using our software – you’re in the clear! Read on below to learn more about Log4j / Log4Shell vulnerability or check out our support portal for official documentation from the Nx Support team!
Log4shell is a critical vulnerability in the open source Apache Framework‘s widely-used logging tool Log4j, which is used by millions of computers worldwide running online services.
Log4Shell was first discovered in Microsoft-owned Minecraft, though LunaSec warns that “many, many services” are vulnerable to this exploit due to Log4j’s “ubiquitous” presence in almost all major Java-based enterprise apps and servers.
The open-source Apache Log4j library has over 400,000 downloads from its Github project, according to cybersecurity firm Check Point.
The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.
The problem impacts Log4j 2 versions which is a very common logging library used by applications across the world. Logging lets developers see all the activity of an application. Tech companies such as Apple, Microsoft, Google all rely on this open-source library, as do enterprise applications from CISCO, Netapp, CloudFare, Amazon and others.
A list of major companies and their services / products affected by the Log4Shell vulnerability can be found here on github.