Cybersecurity researchers recently discovered a vulnerability in the Apache log4j logging library. This critical security vulnerability (CVE-2021-44228) can result in remote code execution. We understand that you, as an OIL client, might have concerns about this. We would like to inform you on the impact analysis Magnus Black has performed on all the OIL products and services. You can find the conclusions below.
Product or Service
OIL OMS (main application) does not run an exploitable configuration
OIL PIM does not run an exploitable configuration
OIL TAS does not run an exploitable configuration
OIL CDN does not use Log4j
OIL Smartproxy does not use Log4j
OIL sFTP does not use Log4j
OIL Transformation Service does not use Log4j
In short; all OIL products and services are resistant to this log4j vulnerability. If you have any questions regarding this vulnerability in relation to OIL, don’t hesitate to reach out to your contact at Magnus via phone or email or file a ticket through our Servicedesk portal.
Ready to take your next step in order management?
Book a demo to try OIL for yourself, or download an overview of all OIL’s features