cancel
Showing results for 
Search instead for 
Did you mean: 
TomS1
New Contributor

log4 java script used by Go-To-Meeting launcher

A worldwide vulnerability was detected in software containing the so-called log4j java tool/component. To mitigate the risk of hacks / ransomware attacks they requested whether you could answer the following questions, with regard to the GoToMeeting Opener software package that we use, developed and distributed by your company.

 

  • Does the application contain the log4j java-component?
  • Is the used version of this component vulnerable for CVE-2021-44228?
  • Do you already have a patched version of the application available? 
  • If no, when can this be expected?
  • Is a workaround available? 

 

My apologies for the inconvenience and many thanks for your help!

 

1 ACCEPTED SOLUTION

Accepted Solutions
AshC
LogMeIn Contributor

Re: log4 java script used by Go-To-Meeting launcher

@EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

 

You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j  

 

 

View solution in original post

3 REPLIES 3
AshC
LogMeIn Contributor

Re: log4 java script used by Go-To-Meeting launcher

Hi @TomS1  

On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry. The security of our services and customer data is a top priority for LogMeIn and we are taking this matter very seriously. Upon becoming aware of the vulnerability, LogMeIn initiated an investigation to determine if any further action is required to mitigate against the vulnerability. Additionally, we continue to monitor for the latest information regarding this issue with Apache to keep our software and customers safe and secure.  

EvenSteven
New Contributor

Re: log4 java script used by Go-To-Meeting launcher

Is there any news on this? Is your service by any chance affected? As the post starter suggested, log4j script is used by the launcher?! Has any actions been made? Do i as a user of the service need to do anything?

AshC
LogMeIn Contributor

Re: log4 java script used by Go-To-Meeting launcher

@EvenSteven  Our teams are continuing to investigate and either verifying that there is no impact or taking steps, where necessary and patching is available, to resolve the issue through security patches on our side. Except in exceptionally rare circumstances, where users have been notified, there is no further action to take on the customer side regarding this vulnerability.

 

You can reference this support article for updates around our findings:  https://support.goto.com/meeting/help/logmeins-response-to-log4j  

 

 

View solution in original post