On December 10, 2021, the National Institute of Standards and Technology (NIST) listed Apache Log4j ≤ 2.14.1 library vulnerability (CVE-2021-44228). This vulnerability allows unauthenticated remote code execution that is triggered when a specially crafted string provided by an attacker is processed by the Log4j library.
Like many other applications and internet services, OWOX BI also uses the Log4j library. However, we are happy to report that our security team responded to this threat promptly by taking preventive measures to protect OWOX BI.
Currently, we use an updated version of Apache Log4j, which is not affected. All OWOX BI systems are operational.
We will continue to evaluate this matter and actively monitor our infrastructure. In case we detect a threat to our systems or customers’ data, we will take all appropriate measures.