Ericom Software is closely monitoring the information about the Log4Shell vulnerability as it emerges.
At this time, we can confirm that no currently deployed cloud products – Ericom Shield, Ericom RBI delivered through technology partners, Ericom Connect, Ericom ZTEdge – have exposure to the exploit in the Log4Shell CVE-2021-44228 or CVE-2021-45046 vulnerabilities.
Ericom Shield on-premises product versions 21.01 and later leverage Log4j, which has the vulnerabilities, but they cannot be exploited due to prior architecture hardening that prevents exposure of critical internal components to outside communication. Customers using these versions are therefore not impacted by the Log4j vulnerabilities. Despite this, Ericom has created a hotfix for Ericom Shield versions 21.04 and 21.07 and, as an extra precautionary measure, we recommend customers apply the update to remove the vulnerable component. The update can be obtained by contacting Ericom customer support.
Please contact us if you have any questions or concerns about this matter.