To Friends and Customers of CM First,
On December 10th, NIST disclosed a vulnerability in versions of Apache's Log4j utility, published here.
Security is our highest priority, so we comprehensively investigated our portfolio of applications and their dependencies right away. Log4j is only used in one of our products, CM WebClient. Our engineers have determined that the Log4j vulnerabilities aren't an issue for applications developed using this product.
We are actively monitoring the NIST site and CVE-2021-44228, and engaging with the community to ensure that we stay informed as any new information comes to light. We are singularly committed to preventing any potential exposure moving forward.
Our complete statement with further details regarding CM WebClient can be found here on our support site.
Please feel free to monitor our support portal for updates and further guidance.
- CM First Team
|
|
|
|
|
|
