MCE is aware of the recently disclosed security issue that relates to the open-source Apache “Log4j2” utility (CVE-2021-44228). We are actively monitoring this issue, and are working to identify 3rd party service providers who may affect mce.
So far, we have completed an overall code-scan of all mce products (SDK, Android, iOS, Retail, Web, Call Center, etc.) and confirmed that there is no use of the Log4j2 utility or parts of its code. As such this vulnerability does not directly affect any of mce solutions, products, or services.
If you need additional information, details or assistance, please contact mce support or your Customer Success Manager.
Are my products using mceSDK affected?
In short, no.
Our security team is currently investigating the impact of the Log4j2. So far, we have confirmed the vulnerability is not in mce’s codebase and we do not believe any mce SDK components are affected. We continue the investigation with all 3rd party service and software suppliers we have in order to identify any vulnerabilities in these services.
Are my mce Retail/mobile/Call Center/web enabled systems affected?
In short, no.
Our security team is currently investigating the impact of the Log4j2. So far, we have confirmed the vulnerability is not in mce’s codebase and we do not believe any mce solution or product are affected. We continue the investigation with all 3rd party service and software suppliers we have in order to identify any vulnerabilities in these services.
Comments
0 comments
Article is closed for comments.