Dear LogPoint Partner and Customer.
Recently, a critical remote code execution vulnerability in Apache log4j (CVE-2021-44228), was discovered, affecting versions 2.0-2.14.1.
Vulnerability status of LogPoint products
At this time, we have determined that no LogPoint products are affected by the vulnerability.
For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact LogPoint Support or LogPoint Community.
Details of vulnerability by LogPoint product
| Product | Vulnerable? | Reason |
| LogPoint 6.12.2 | Not affected | Log4J v 1.2 used |
| Previous LogPoint versions | Not affected | Previous versions used |
| UEBA | Not affected | Log4J v 1.x used |
| LogPoint Agent | Not applicable | Not used |
| Director Console | Not affected | Log4J v 1.2 used |
| Director Fabric | Not affected | Log4J v 1.2 used |
| Search Master | Not affected | Log4J v 1.2 used |
| AAHC | Not affected | Log4J v 1.2 used |
| Plugins | Not affected | Log4j v 1.2 used |
| Applications | Not applicable | Not used |
| LogPoint for SAP HANA | Not applicable | Not used |
| LogPoint for SAP Light | Not affected | Not used |
| LogPoint for SAP Extended | Not applicable | Not used |
* Note: log4j v1.2.x is vulnerable to another vulnerability, that is only exploitable when using the class JMSAppender. While LogPoint uses log4j in version 1.2, JMSAppender is not used in LogPoint and we have actively attempted to exploit the vulnerability, confirming that in these cases log4j v1.2 is not vulnerable in the current deployment configuration.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228
Regards,
Brian Hansen, LogPoint
VP, Customer Success