Log4j Vulnerability (CVE-2021-44228)
TL;DR: Threat to ProAct: none
NuDatum continues our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec, 2021. The ProAct application does not utilize any Java or Apache libraries. It was built entirely in Microsoft .Net and runs on Microsoft IIS server. These technologies are not affected by the Log4j vulnerability. The current assessment is that there is no threat to either the hosted or on-premise versions of ProAct. However, if our understanding of the situation changes, we will send out a notice immediately.
Please contact us if you have any questions.