A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was discovered on December 9, 2021.
Code42 does use Java within Code42 products (including CrashPlan for Small Business), but current releases of all affected services and agents leverage a JVM version higher than 11.0.1 which prevents exploitation of the remote code execution vulnerability. As a further point of mitigation, Code42 will be updating to the latest patched version of log4j as part of future releases of our products.
Since unsupported or out-of-date installations may be affected, make sure you are running the latest supported Code42 app version.
For further information, see our article Code42 response to industry security incidents.
Article is closed for comments.