Wiiisdom Services – Log4j2 Vulnerability
This week a disclosed Apache Log4j2 vulnerability was recently discovered and published, with the reference CVE-2021-44228 (the method of communication of an authoritative body known as the CVE, which monitors this type of threat).
The Wiiisdom Engineering team reacted quickly and succeeded in patching not only the services that were affected by this vulnerability but also all our other products to be sure our customers could use them securely.
The Impact Of Log4j2 Vulnerability On Wiiisdom Services
The 360Suite (360Eyes and 360 Web Platform) portfolio was not impacted by the vulnerability as the impacted component is the main JNDI package. Those classes and methods are not used in the 360Suite portfolio. However, we have decided to take this “opportunity” to update this library, and go beyond just fixing Log4j2. A new version has thus been released and is available on the customer portal.
The Legacy version of 360Suite was impacted by this vulnerability. Please note that this version of the product is no longer supported since September 30th, 2021, so we strongly recommend you upgrade to the most recent version available on the customer portal.
Wiiisdom Ops for Tableau
Wiiisdom Ops for Tableau was impacted on one of its services and we have now released a new version. This is available to download on the customer portal. The component impacts the performance tests. If you can’t upgrade to the most recent version straight away, you should consider stopping using this feature for the moment.
Overview of the newly released versions of Wiiisdom services.
Mitigate The Risk Of Log4j2 Today
We recommend that all our customers install the new releases in order to mitigate the Log4j2 vulnerability (CVE-2021-44228). To download the new releases, simply login into the Wiiisdom Customer Center. If you have any further questions, please create a support ticket or contact firstname.lastname@example.org