[RADIATOR] Radiator is not affected by log4j vulnerability

Daniela Loya Ramos dlr at radiatorsoftware.com
Mon Dec 13 10:49:06 UTC 2021


 On the 10th of December 2021 a vulnerability (CVE-2021-44228
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228>) in a popular
Java-based logging utility log4j was published. Since then, we have
received some customer queries about Radiator’s vulnerability.

Radiator does not utilise Java or log4j as a component of our software and
is therefore not vulnerable to the log4j vulnerability.

While closely following the situation, research, and responses around the
vulnerability, we have identified that RADIUS protocol and infrastructure
can be used to deliver the exploit to more vulnerable services such as
Java-based backend services, AAA information sources and centralised
logging systems. We have documented this delivery method principle into a
separate blog post found here:

https://blog.radiatorsoftware.com/2021/12/radius-servers-and-log4j-vulnerability.html

We will continue monitoring the issue closely and announce if issues
affecting Radiator or Radiator services are found.

-- 
Daniela Loya Ramos
Sales, Radiator Software Oywww.radiatorsoftware.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20211213/069afcda/attachment.html>


More information about the radiator mailing list