Note: This text is provided as a courtesy. It has been automatically translated using software and may not have been proofread. The English language version is considered the official version and you can find the most up-to-date information there.

Last updated on

Log4Shell vulnerability in panagenda products

We are currently in the process of creating new releases that contain the necessary fixes. Releases for some products are already out, and we are releasing the rest as fast as safely possible. Update: Due to the situation evolving regularly, updates will be only posted to the knowledge base article.

by Markus Sablatnig

What has happened? 

Recently a critical vulnerability (CVE-2021-44228) was discovered in the Apache Log4j library. This vulnerability can be exploited remotely without authentication and allows remote code execution. It ranks a 10 out of 10 on the CVSS severity level. You can get more information about what happened here and an overview with more links here

Update 2021-12-14: Another vulnerability related to Log4j has popped up: CVE-2021-4104. None of our products are vulnerable to this new CVE.

Are panagenda products affected? 

Yes. 

After publication of this, we immediately started checking all our products for exposure to this vulnerability. As was to be feared, many of our products use Log4j (or include third-party components that do), are therefore vulnerable, and need to be updated. 

Affected products: 

  • ApplicationInsights 
  • ConnectionsExpert 
  • GreenLight 
  • iDNA 
  • iDNA Applications 
  • OfficeExpert 

Confirmed safe products: 

  • MarvelClient (Binaries, plugin, and Notes databases) 
  • OfficeExpert EPM 
  • SecurityInsider / GroupExplorer
  • SmartChanger
  • Free Notes plugins (Document Properties, Tabzilla, Timezone Helper, PrefTree, Network Monitor) 

What happens now? What do I need to do? 

We are currently in the process of creating new releases that contain the necessary fixes. Releases for some products are already out, and we are releasing the rest as fast as safely possible. Progress will be tracked in this knowledge base article. 

You will need to update any products that are affected. Our service and support teams are in the process of contacting all our customers to answer questions and help where needed.

Please send requests and questions to support@panagenda.com 

Comments (No Comments)

Leave a Reply

Find more information in our Privacy Policy.