The 911 Secure Products do not contain the vulnerabilities in the Apache Log4j Java Logging Library (also known as JdniLookup class, Log4Shell or LogDump). This was listed in the CVE-2021-44228 alert by the cve.mitre.org group which was disclosed on December 9, 2021.
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.
Are my 911 Secure products affected?
911 Secure is investigating its product line to determine which products may be affected by this vulnerability. Because this is an ongoing investigation, be aware that products currently considered not vulnerable may subsequently be considered vulnerable as additional information becomes available. Refer to the table below for information about specific products, status and available remediation or mitigation.
SENTRY™ On Premises