Nexthink and Log4j - Security bulletin

Question

Is Nexthink V6 vulnerable to the recently disclosed security issue affecting Log4j?

Answer

No, following a thorough security assessment of our product and its components, Nexthink V6 customers are not impacted by this vulnerability.

Please note that our client-side applications such as Collector and Finder are not written in Java and therefore not impacted by this vulnerability.

Mitigating actions

None

Executive Summary

A remote code execution vulnerability was publicly disclosed on December 9, 2021. Log4j open-source library is one of the most popular Java logging frameworks. The vulnerability affects all Java applications that use Log4j with versions from 2.0 up to 2.14.1.

Vulnerability information

Please find additional information about the CVE:

• NIST CVE-2021-44228

• Apache Log4j Security Vulnerabilities

Affected software

None

Disclaimer

The use of the software is subject to the terms and conditions of its applicable license agreement and then effective documentation. This information is provided “as-is” without a warranty of any kind.

Revision

First release