The 911 Secure Products do not contain the vulnerabilities in the Apache Log4j Java Logging Library (also known as JdniLookup class, Log4Shell or LogDump). This was listed in the CVE-2021-44228 alert by the cve.mitre.org group which was disclosed on December 9, 2021.
What happened:
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.
Are my 911 Secure products affected?
911 Secure is investigating its product line to determine which products may be affected by this vulnerability. Because this is an ongoing investigation, be aware that products currently considered not vulnerable may subsequently be considered vulnerable as additional information becomes available. Refer to the table below for information about specific products, status and available remediation or mitigation.
Product Remediation required
Sentry On Premises
Sentry Sentinel Web Application NO
Sentry Avaya Aura Scout NO
Sentry Avaya Aura Session Manager Scout NO
Sentry Avaya IP Office Scout NO
Sentry Avaya CS1000 Scout NO
Sentry SNMP Listener NO
Sentry File Importer NO
Sentry Cisco CMX Tracker NO
Sentry Cisco MSE Tracker NO
Sentry Aruba Tracker NO
Sentry Tracker Commander NO
Sentry Avaya CS2100 Scout NO
Sentry eZuce openUC Scout NO
Sentry Ribbon Scout NO
Sentry External Tracker NO
Cloud Products
Sentry Cloud NO
Sentry Gatekeeper NO
Sentry Cloud Beacon NO