Critical vulnerability in Java library Log4j

In a press release on December 11, the Bundesamt für Sicherheit in der Informationstechnik [German Federal Office for Information Security] (BSI) reported on a critical vulnerability in the Java library Log4j. Since this software library is used in many software components, we also reacted immediately and checked our software. 

After internal testing, none of our software components and none of our third-party components use a log4j version that could be compromised by the aforementioned vulnerability.

A correspondingly vulnerable version of the component was used by the web front end for license management operated by TKI. Therefore, the necessary countermeasures to safeguard security were taken at this point. We deactivated our web front end for licensing until an update was provided by the respective supplier. We have thus successfully implemented all measures. 

To date, no attacks on this portal, and thus possible flows of data via this portal, are known to us or are actively prevented.

Further information on the critical vulnerability in the Java library Log4j can be found on the website of the Bundesamt für Sicherheit in der Informationstechnik (BSI).