On December 9, 2021, a Proof of Concept (PoC) was released regarding a vulnerability of “critical” level in the Java libraries, which affects all versions of Apache Log4j, from 2.0-beta9 to 2.14.1:
CVE-2021-44228: Apache Log4j2 unsecured JNDI features by LDAP controlled by attackers and other JNDI-related endpoints
CVE-2021-44228 is a serious security flaw, as it allows unauthenticated remote attackers (hackers) to execute code on vulnerable systems.
For the details of this publication, visit the Log4j 2.15.0 section of the Apache Log4j Security Vulnerabilities page (https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0).
Tiesse’s response regarding its products
Hereby, Tiesse declares that none of its products, as well as none of their components, are affected by the Log4Shell vulnerability – CVE-2021-44228, due to the fact that both Apache servers and of the affected Java libraries are not used.