Following the discovery a few days ago of the vulnerability CVE-2021-44228 in the Apache Log4j library (used worldwide in Java software), AXIOS Informatica took prompt steps to make all affected installations completely secure.

In detail, we have mitigated the vulnerability without affecting the procedures currently in place, by removing the JndiLookup class (which AXIOS Informatica does not use) from all AXIOS Informatica software installed on active servers, thus preventing possible exploitation of the JNDI lookup, also for RMI/JMX services etc.

We therefore declare all cloud installations safe as far as AXIOS Informatica software is concerned. Furthermore, starting with the next releases of our software, we will introduce the patched library, which was released on December 6, 2021.

We have tracked this issue under ID no. 10, to keep as a reference in case of future needs related to this matter. Further information about the incident is available on the website of the National Cybersecurity Agency:

https://csirt.gov.it/contenuti/rilasciato-poc-pubblico-per-lo-sfruttamento-della-cve-2021-44228-che-riguarda-apache-log4j-bl01-211212-csirt-ita