OIL products and services resistant to log4j vulnerability
Cybersecurity researchers recently discovered a vulnerability in the Apache log4j logging library. This critical security vulnerability (CVE-2021-44228) can result in remote code execution. We understand that you, as an OIL client, might have concerns about this. We would like to inform you on the impact analysis Magnus Black has performed on all the OIL products and services. You can find the conclusions below.
Product or Service | Status | Description |
OIL OMS | Not impacted | OIL OMS (main application) does not run an exploitable configuration |
OIL PIM | Not impacted | OIL PIM does not run an exploitable configuration |
TAS | Not impacted | OIL TAS does not run an exploitable configuration |
CDN | Not vulnerable | OIL CDN does not use Log4j |
Smartproxy | Not vulnerable | OIL Smartproxy does not use Log4j |
sFTP | Not vulnerable | OIL sFTP does not use Log4j |
Transformation Service | Not vulnerable | OIL Transformation Service does not use Log4j |
In short; all OIL products and services are resistant to this log4j vulnerability. If you have any questions regarding this vulnerability in relation to OIL, don’t hesitate to reach out to your contact at Magnus via phone or email or file a ticket through our Servicedesk portal.
Ready to take your next step in order management?
Book a demo to try OIL for yourself, or download the OIL info sheet.