Authentic8 Security Advisory 20211210-1

Determination of Silo non-susceptibility to the “Log4Shell” vulnerability.


Associated CVE IDs

CVE-2021-44228


Description

In response to the critical remote code (RCE) vulnerability referred to as “Log4Shell” (CVE-2021-44228), Authentic8’s Security Architecture & Engineering team performed a security impact analysis of the information systems that make up the Silo service environment.


At this time, Authentic8 has determined that the information systems used to provide Silo services are not vulnerable to the “Log4Shell” exploit.  Our security engineers will continue to monitor this event and analyze any potential for impact to our systems and services. 


Component

Status

Authentic8 Silo

Not Vulnerable

Silo Web Client

Not Vulnerable

Silo Windows Client (v2.9.17 and prior)

Not Vulnerable

Silo Mac Client (v3.12 and prior)

Not Vulnerable



Solution

As the information systems that provide Silo services are not vulnerable, no action is required by Authentic8 customers at this time.


Common Vulnerability Scoring System

CVSS v3 Rating:     None

CVSS v3 Score:     0.0

Vector:         AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N

    

Disclaimer

Because this is a developing security event, Authentic8 reserves the right to change or update this advisory at any time and expects to update it as new information becomes available. This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in this advisory or materials linked herein is at your own risk. 


Additional Notes  

Please contact Support if you have any additional questions and/or require further information.