OIL products and services resistant to log4j vulnerability

Cybersecurity researchers recently discovered a vulnerability in the Apache log4j logging library. This critical security vulnerability (CVE-2021-44228) can result in remote code execution. We understand that you, as an OIL client, might have concerns about this. We would like to inform you on the impact analysis Magnus Black has performed on all the OIL products and services. You can find the conclusions below.

Product or Service

Status

Description

OIL OMS

Not impacted

OIL OMS (main application) does not run an exploitable configuration

OIL PIM

Not impacted

OIL PIM does not run an exploitable configuration

TAS

Not impacted

OIL TAS does not run an exploitable configuration

CDN

Not vulnerable

OIL CDN does not use Log4j

Smartproxy

Not vulnerable

OIL Smartproxy does not use Log4j

sFTP

Not vulnerable

OIL sFTP does not use Log4j

Transformation Service

Not vulnerable

OIL Transformation Service does not use Log4j

 

In short; all OIL products and services are resistant to this log4j vulnerability. If you have any questions regarding this vulnerability in relation to OIL, don’t hesitate to reach out to your contact at Magnus via phone or email or file a ticket through our Servicedesk portal.

 

OIL Team

December 13, 2021

Ready to take your next step in order management? ​​

Book a demo to try OIL for yourself, or download an overview of all OIL’s features