Forum Discussion

TomS1's avatar
TomS1
New Member
3 years ago

log4 java script used by Go-To-Meeting launcher

A worldwide vulnerability was detected in software containing the so-called log4j java tool/component. To mitigate the risk of hacks / ransomware attacks they requested whether you could answer the f...
  • AshC's avatar
    AshC
    3 years ago

    EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

     

    You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j  

     

     

AshC's avatar
AshC
Retired GoTo Contributor

Hi TomS1  

On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry. The security of our services and customer data is a top priority for LogMeIn and we are taking this matter very seriously. Upon becoming aware of the vulnerability, LogMeIn initiated an investigation to determine if any further action is required to mitigate against the vulnerability. Additionally, we continue to monitor for the latest information regarding this issue with Apache to keep our software and customers safe and secure.  

EvenSteven's avatar
EvenSteven
New Member
3 years ago

Is there any news on this? Is your service by any chance affected? As the post starter suggested, log4j script is used by the launcher?! Has any actions been made? Do i as a user of the service need to do anything?

  • AshC's avatar
    AshC
    Retired GoTo Contributor
    3 years ago

    EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

     

    You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j