Product Security

The 911 Secure Products do not contain the vulnerabilities in the Apache Log4j Java Logging Library (also known as JdniLookup class, Log4Shell or LogDump). This was listed in the CVE-2021-44228 alert by the cve.mitre.org group which was disclosed on December 9, 2021.

What happened:

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page.

Are my 911 Secure products affected?

911 Secure is investigating its product line to determine which products may be affected by this vulnerability. Because this is an ongoing investigation, be aware that products currently considered not vulnerable may subsequently be considered vulnerable as additional information becomes available.  Refer to the table below for information about specific products, status and available remediation or mitigation. 

SENTRY™ On Premises

• SENTRY™ Sentinel Web Application                                                                                  
• SENTRY™ Avaya Aura Scout                                                                                              
• SENTRY™ Avaya Aura Session Manager Scout 
• SENTRY™ Avaya IP Office Scout
• SENTRY™ SNMP Listener
• SENTRY™ Cisco CMX Tracker 
• SENTRY™ Cisco MSE Tracker
• SENTRY™ Aruba Tracker 
• SENTRY™ Tracker Commander
• SENTRY™ Ribbon Scout 
• SENTRY™ External Tracker

Cloud Products

• SENTRY™ Cloud
• SENTRY™ Gatekeeper
• SENTRY™ Cloud Beacon