Apache Log4j 2 is a tool that is commonly used for logging requests. As of December 9, 2021, a security vulnerability CVE-2021-44228 was reported for using this utility that could allow attacker to execute arbitrary code - which could allow the attacker to modify computer files or gain access to sensitive data on your computer.
What does it mean for Speeki clients and users
Speeki has a component that utilizes the mentioned utility; however, it cannot be accessed from outside the network. Speeki uses this component for internal tool communications. Therefore, Speeki is not vulnerable to attack via the Apache Log4j 2 vulnerability.
Action from Speeki Team
- Clients and users do not need to take any action.
- Speeki's cybersecurity team is eliminated these vulnerabilities by end of Dec 2021.
- No data thief or lost was reported regarding this matter.