Virtual Cable informs all administrators and users of a platform with UDS Enterprise that our software is not affected by the vulnerability recently detected in Apache Log4j.
UDS Enterprise does not contain any of the exposed libraries, but even so, our team has meticulously reviewed the vulnerability registered as CVE-2021-44228. After the exhaustive analysis carried out, we confirm that our VDI broker is safe from this security issue that has put a multitude of companies and technologies in check all over the world.
Our experts recall that UDS Enterprise can interact with other elements that may be compromised by this threat, which does not affect our software, but could pose a risk to our users. Therefore, it is highly recommended to thoroughly review the information provided by the manufacturers of each of the components and take the necessary actions to guarantee the safety of the entire environment.
Also known as Log4Shell, CVE-2021-44228 is a Zero-Day exploit detected in Apache's open source Log4j 2 log library. It has been classified as critical, as any unauthenticated attacker could remotely execute code on a server with an affected version of Log4j. In this way, it is possible to import any malware that would allow taking complete control of the said server and compromise the end-user devices.
The scope of this vulnerability is pervasive, as countless online applications and services use the affected library to record an execution list of the activities they have performed. Popular services such as Apple iCloud, Amazon, Minecraft, Steam, or Twitter have been impacted by this vulnerability, first discovered by Chen Zhaojun from Alibaba Cloud Security Team.
For more information, you can consult this link.