cancel
Showing results for 
Search instead for 
Did you mean: 
lisadonlan
New Contributor

LOG4J Vulnerability

Has the LogMeIn Team done analysis and mitigated any risk from the LOG4J Vulnerability ?

Are there any patches or updates that we need to be aware of?

Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
AshC
LogMeIn Contributor

Re: LOG4J Vulnerability

Thank you for your patience.

After a full review we can confirm that LogMeIn Central is not affected by the Log4j vulnerability.

 

On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry.  The security of our services and customer data is a top priority for LogMeIn.  Upon becoming aware of the vulnerability, LogMeIn investigated and deployed patches where necessary, in order to ensure that our customers and users may continue to safely and securely utilize our services.  We continue to monitor for vulnerabilities and respond should they arise to keep our software and customers safe and secure

View solution in original post

10 REPLIES 10
AshC
LogMeIn Contributor

Re: LOG4J Vulnerability

@lisadonlan  

On Friday, December 10th, a zero-day vulnerability affecting a widely utilized open-source logging tool that is part of Apache Logging Services impacted a meaningful subset of the software industry. The security of our services and customer data is a top priority for LogMeIn and we are taking this matter very seriously. Upon becoming aware of the vulnerability, LogMeIn initiated an investigation to determine if any further action is required to mitigate against the vulnerability. Additionally, we continue to monitor for the latest information regarding this issue with Apache to keep our software and customers safe and secure.   

jdarhundw
New Contributor

Re: LOG4J Vulnerability

Are there any updates to this? If so is there a central location where they are being reported or just this thread?

mtmod
New Contributor

Re: LOG4J Vulnerability

Would love to see a statement from LogMeIn on the vulnerability of Central ASAP.
aosupportlmi
New Contributor

Re: LOG4J Vulnerability

Please provide an update on this vulnerability.  We are seeking this information from all of our vendors.

Kris__ITIT
New Contributor

Re: LOG4J Vulnerability

Can we have an update on this.  Urgently needed

mtmod
New Contributor

Re: LOG4J Vulnerability

This is not an answer, but it's been marked as the solution.
Kris__ITIT
New Contributor

Re: LOG4J Vulnerability

I understand this is a holding message but if we have a challenge with LogMeIn you will have millions of end user devices that might be compromised.  Please provide us some more info as soon as possible so at least we have a chance to implement patches.

jdarhundw
New Contributor

Re: LOG4J Vulnerability

This is the same message they are emailing you if you call support or try and open a ticket. There's no other information being provided yet and that is a concern. They said there is no official announcement and they are only replying with this message if you reach out to them.

mockingjay
New Contributor

Re: LOG4J Vulnerability

this 'no answer' strategy they're employing is absolutely unacceptable. You need to communicate to people better. If you don't know the impacts yet, say that, but provide some newer update other than days and days ago.