On December 10, 2021, an actively exploited zero-day vulnerability in Java-based software with the designation "Log4j" was announced in public news.
In Germany, the BSI - Bundesamt für die Sicherheit in der Informationstechnik (Federal German Office for Security in Information Technology) - summarizes the facts as follows: “BSI believes that the vulnerability in Log4Shell - in the widely used Java library Log4j – can result in an extremely critical threat situation. The BSI has therefore announced a cyber security warning of the highest degree, which is “Red”. The Federal Office summarized the latest information on the subject in an Update published on December 13th, 2021.
Since 10 December 2021, we have reviewed our systems and services. By 11 December, internet-relevant services were checked and patched where necessary, including services for clients. To date, we have not been affected or compromised by this vulnerability.
CONVAL® is completely developed in Delphi and does not use Java, Java libraries or "Log4J" in any context.
Therefore, there is no risk to our customers from CONVAL® instances installed on customer systems.
If you have any further questions or need more information, please contact our support team at Support@FIRSTGmbH.de