Update Feb 15, 2022:
Veryx’s security and response teams had conducted a thorough review of the entire software and removed the vulnerable portions of Apache Log4j2 Java library in Veryx ATTEST Test Framework.
Customers may contact Veryx customer support to get the new software release.
Other Veryx products are not affected by Log4j vulnerability.
Clarification about Log4j vulnerability in Veryx products
About the Log4j vulnerability
There are two reported security flaws with Log4j in the Apache Log4j2 Java library: CVE-2021-44228 and CVE-2021-45046. For the most up-to-date information on the Log4j vulnerability, we suggest resources such as this guidance webpage from the US government’s Cybersecurity & Infrastructure Security Agency, or this security alert from the UK government’s National Cyber Security Centre.
What we are doing
Veryx’s security and response teams are conducting a thorough review to identify and mitigate vulnerabilities. If any impact is identified, we will notify and deploy the efforts necessary to neutralize the potential threat. Although still underway, initial analysis does not present discoveries of concern nor any indications of exploitation of this vulnerability.
We will continue to actively monitor this issue and provide updates.
If you have more questions or concerns, please reach out to Veryx Customer Support.
Veryx, Veryx ATTEST, SAMTEST, PKTBLASTER, CLOUDMON and BRIGHTVUE are trademarks of Veryx Technologies. All other trademarks of owners are acknowledged.
About Veryx Technologies
Founded in 2002, Veryx Technologies (www.veryxtech.com) is a provider of innovative visibility, security and testing solutions for enterprises, cloud service providers, network service providers, and network equipment vendors. Veryx products and solutions have been well recognized in the industry with numerous customer successes and awards for close to two decades. Veryx has technology and marketing partnerships with global players in the networking industry.