Log4J (2021/2022) Exploits and Review

[Updated 01/05/2022]

Edulog has continued to investigate the Log4J vulnerability since Friday, December 10. Currently we have reviewed the following vulnerabilities

  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-44832
  • CVE-2021-45105
  • CVE-2021-4104

The current results of our investigation have shown that Edulog software does not use the affected software versions or configurations. The main Edulog products that are not impacted include:

  • eSQL, Web Student, Web Reports, WebQuery, and School Assistant are not affected
  • Driver Portal and Tablet APIs are not affected
  • EduTracker and ETM are not affected
  • Portal Portal Full/Lite both are not affected
  • System Management, Mission Control, and Insight are not affected

Alongside our proprietary applications, we have not found any issues in the code and software which we distribute alongside our products (including Apache/Tomcat). As the developers of Log4j continue to work on patches, we will be reviewing details for an upgrade path to the final, secure version.

Thank you for your understanding as we work through this issue.