Austin, Texas, USA {December 14, 2021} – Pragma Systems products are not impacted by the critical Apache Log4j vulnerability known as CVE-2021-44228. Pragma Telemote, Pragma Telemote Viewer, Pragma Fortress SSH Server, Pragma Fortress SSH Client and Pragma TelnetServer do not use any java libraries in the products.
On December 10th, 2021, a zero-day exploit was observed in the wild targeting a Remote Code Execution (RCE) vulnerability in the Apache Log4j utility (a Java open source logging tool). This vulnerability allows attackers to inject arbitrary code in the Java library Apache Log4j for versions 2.0-2.14.1. This Java library is widely used by multiple closed and open source projects including Apache Struts. The Log4j vulnerability, also referenced as log4shell, is caused due to the lack of input sanitization whereby when a web application or mobile application server leveraging Log4j to log messages accepts an input and then logs it, a malicious unauthenticated actor can then force the Log4j service to receive a payload or malicious code from another remote server. This will impact the confidentiality, integrity, and availability of the web application server and its data.
The Apache Software Foundation has released an emergency security update to patch a zero-day vulnerability in Log4j, a Java library that provides logging capabilities.
The patch—part of the 2.15.0 release—fixes a remote code execution vulnerability (CVE-2021-44228).
Pragma Systems, Inc. is a leading provider of enterprise class remote access and secure file transfer software for Microsoft Windows platforms and is a Cisco Solution Partner & Microsoft Certified Partner. Pragma is an industry leader of Secure Shell (SSH), SFTP, SCP and Telnet technologies. Pragma's SSH product line has US Army Certificate of Networthiness (CoN 201621769), FIPS 140-2 (Certificate # 3171), US DoD UC APL, and US Army TIC lab certifications as well as Microsoft Windows Certifications. Pragma's new product, Telemote, adds graphical remote desktop and server management built on our secure SSH transport. Pragma's software products are deployed in the majority of Fortune 500 companies in the USA and over 5000 companies worldwide in 100 countries with millions of licensed nodes. To learn more, visit www.pragmasys.com
###