Created Date: December 11th, 2021
Last Modified Date: January 14th, 2022
Description
************************
*** NOTICE JANUARY 10TH 2022 ***
Iseehear Inc. IT Security continues to scan for CVE-2021-44228 vulnerabilities.
At this time, we wish to inform you that no CVE-2021-44228 vulnerabilities were found nor detected with the SoftMouseNET Platform.
The Iseehear Inc. IT Security team continues to monitor the situation closely and we will continue to provide updates as soon as we know if there is an evolving threat regarding CVE-2021-44228.
************************
***UPDATE DECEMBER 29TH 2021 ***
Iseehear Inc. IT Security has completed it's evaluation of CVE-2021-44832 in relation to our applications. Based on our investigation and testing none of Iseehear Inc. applications relating to Log4j, are affected by CVE-2021-44832.
************************
*** NOTICE DECEMBER 24TH 2021 ***
Iseehear Inc. IT Security continues to scan for CVE-2021-44228 vulnerabilities.
At this time, we wish to inform you that no CVE-2021-44228 vulnerabilities were found nor detected with the SoftMouseNET Platform.
The Iseehear Inc. IT Security team continues to monitor the situation closely and we will continue to provide updates as soon as we know if there is an evolving threat regarding CVE-2021-44228.
************************
*** NOTICE DECEMBER 23RD 2021 ***
Iseehear Inc. IT Security continues to scan for CVE-2021-44228 vulnerabilities.
At this time, we wish to inform you that no CVE-2021-44228 vulnerabilities were found nor detected with the SoftMouseNET Platform.
The Iseehear Inc. IT Security team continues to monitor the situation closely and we will continue to provide updates as soon as we know if there is an evolving threat regarding CVE-2021-44228.
************************
***UPDATE DECEMBER 22ND 2021 ***
Iseehear Inc. IT Security has completed it's evaluation of CVE-2021-45105 in relation to our applications. Based on our investigation and testing none of Iseehear Inc. applications relating to Log4j, are affected by CVE-2021-45105.
************************
***UPDATE DECEMBER 20TH 2021 ***
The Apache Foundation has disclosed a new 2021-45105 relating to a Denial-of-Service attack using the log4j library. Iseehear Inc. is currently evaluating if this new CVE will impact any of its products. Further updates will be provided if necessary. This CVE relates to a DoS attack not a Remote Code execution vulnerability which was disclosed in the earlier CVEs.
************************
***UPDATE DECEMBER 14TH 2021 ***
On the 14th of December 2021, it was determined that the patch provided by the Apache Foundation for CVE-2021-44228 was not completely effective. CVE-2021-45046 was assigned to address the new denial of service vulnerability that affects log4j version 2.15.
Iseehear Inc. IT Security has evaluated this new CVE and has determined that there are no impacts to Iseehear Inc. applications.
************************
***UPDATE DECEMBER 13TH 2021 ***
In the wake of the discovery and public disclosure of the Apache Log4j 2 utility (CVE-2021-44228) security breach Iseehear Inc. IT Security immediately launched a review last Friday December 10th 2021 of all the SoftMouseNET Platform applications.
An Iseehear Inc. IT Security investigation to determine whether there was any impact to the SoftMouseNET Platform and by extension our customers was conducted.
Iseehear Inc. IT Security reached out to our third party security consultants for advice and suggestions to determine if Iseehear Inc. servers or applications were vulnerable. Advice and suggestions were provided.
At this time, we wish to inform you that no CVE-2021-44228 vulnerabilities were found nor detected with the SoftMouseNET Platform.
The Iseehear Inc. IT Security team continues to monitor the situation closely and we will continue to provide updates as soon as we know if there is an evolving threat regarding CVE-2021-44228.
************************
*** NOTICE DECEMBER 10TH 2021 ***
A vulnerability (CVE-2021-44832) has been reported on the 10th of December, 2021 in the Java logging library (log4j) in versions 2.0.0 up to version 2.14.1.
The Iseehear Inc. IT Security and Application Development Teams are actively reviewing which Iseehear Inc. products are impacted. As we assess potential impact and remediation, if any, we will update this notice.
Please follow this notice for the latest updates.
If an Iseehear Inc. application is impacted and remediation is needed a separate link to remediation steps will be posted in this notice.
Iseehear Inc. IT Security will continue to monitor the (CVE-2021-44832) situation.
More details surrounding the CVE can be found in the following 3rd party links:
https://blog.qualys.com/
https://www.cisa.gov/uscert/ncas/current-activity
https://www.lunasec.io/docs/blog/
Thank you
Iseehear Inc. Life Sciences