Current information about the log4j security message of the BSI
The ZMI solutions - especially of the WebClient - do not use logging based on "log4j".

Current information about the log4j security message of the BSI

Over the weekend, the German Federal Office for Information Security (BSI) reported a security vulnerability in the log4j software library, which is used for numerous Java applications. The criticality of this vulnerability was rated as very high.

We have analyzed the issue for the ZMI programs (especially ZMI – WebClient) and came to the conclusion that they do not use logging based on “log4j”. With regard to third-party applications, we are in close consultation with the respective manufacturers and will – if necessary – provide further information at this point.

Regardless of this, we recommend that you check in what extent other components in your IT landscape could be affected and which updates / patches are provided for them.

For more information on the Log4Shell vulnerability, see:

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211211_log4Shell_WarnstufeRot.html

Folgen Sie uns auf Social Media