Over the weekend, the German Federal Office for Information Security (BSI) reported a security vulnerability in the log4j software library, which is used for numerous Java applications. The criticality of this vulnerability was rated as very high.
We have analyzed the issue for the ZMI programs (especially ZMI – WebClient) and came to the conclusion that they do not use logging based on “log4j”. With regard to third-party applications, we are in close consultation with the respective manufacturers and will – if necessary – provide further information at this point.
Regardless of this, we recommend that you check in what extent other components in your IT landscape could be affected and which updates / patches are provided for them.
For more information on the Log4Shell vulnerability, see:
