Process Fusion is aware of the severity and the large attack surface of the Apache Log4j2 vulnerability. The remote code execution (RCE) vulnerability threat could potentially affect java and some .Net applications.
We are actively monitoring this issue and are working with our vendor partners to assess the impact and any required remediation.
Before our assessment is complete, please ensure your existing perimeter defense is active and up-to-date to prevent unauthorized entry into your network. Staff must always be vigilant at avoiding cyberattacks like phishing and social engineered attacks.
We will provide further updates as additional information becomes available.
Dec 14th Update:
Process Fusion has reviewed our products, production environment and 3rd party supported products for exposure to the Log4J vulnerability (CVE-2021-44228). Below is an interim update on the vulnerability status:
Process Fusion Products & Infrastructure
Below are impact assessment provided by the respective vendors of our supported products **
− DBMS Connector for ABBYY Timeline. While the overall ABBYY Timeline core product is not affected by the log4j vulnerability, an auxiliary component – a DB connector – uses log4j. ABBYY is actively developing a patch to address this vulnerability as quickly as possible and is reaching out to affected customers. In the meantime, customers can run the following command to fix the issue: ‘-Dlog4j2.formatMsgNoLookups=true’.
− ABBYY FlexiCapture connector for Pega. While the overall ABBYY FlexiCapture core product is not affected, the FlexiCapture connector for Pega is affected by the vulnerability. ABBYY is actively developing a patch to address this vulnerability as quickly as possible and is reaching out to affected customers.