December 14th, 2021

Security Advisory: Vemcount Platform NOT Vulnerable by Log4j

Important information for all Vemcount users!

A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on 9th December 2021 and registered with the highest severity rating, “Critical”. A vulnerability rated with a “Critical” impact means the system could potentially be exploited by a remote attacker to get Log4j to execute arbitrary code (either as the user the server is running as, or root).

Log4j is an open-source, Java-based logging utility, widely used by enterprise applications and cloud services. By utilizing this vulnerability, a remote attacker could take control of the affected system.

Vemco Group is aware of this vulnerability, but since our system, Vemcount, is based on PHP and NOT Java, there is no need to worry. Our system is not and will not be affected by these kinds of vulnerabilities.