Forum Discussion

TomS1's avatar
TomS1
New Member
3 years ago

log4 java script used by Go-To-Meeting launcher

A worldwide vulnerability was detected in software containing the so-called log4j java tool/component. To mitigate the risk of hacks / ransomware attacks they requested whether you could answer the following questions, with regard to the GoToMeeting Opener software package that we use, developed and distributed by your company.

 

  • Does the application contain the log4j java-component?
  • Is the used version of this component vulnerable for CVE-2021-44228?
  • Do you already have a patched version of the application available? 
  • If no, when can this be expected?
  • Is a workaround available? 

 

My apologies for the inconvenience and many thanks for your help!

 

  • AshC's avatar
    AshC
    3 years ago

    EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

     

    You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j  

     

     

  • AshC's avatar
    AshC
    Retired GoTo Contributor
    3 years ago

    Hi TomS1  

    On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry. The security of our services and customer data is a top priority for LogMeIn and we are taking this matter very seriously. Upon becoming aware of the vulnerability, LogMeIn initiated an investigation to determine if any further action is required to mitigate against the vulnerability. Additionally, we continue to monitor for the latest information regarding this issue with Apache to keep our software and customers safe and secure.  

    • EvenSteven's avatar
      EvenSteven
      New Member
      3 years ago

      Is there any news on this? Is your service by any chance affected? As the post starter suggested, log4j script is used by the launcher?! Has any actions been made? Do i as a user of the service need to do anything?

      • AshC's avatar
        AshC
        Retired GoTo Contributor
        3 years ago

        EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

         

        You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j