ScopTEL is not effected by CVE-2021-44228 log4j vulnerability

ScopServ is aware of the Apache log4j vulnerability and has completed verification that this issue does not affect ScopTEL products or services.

Log4j is a java addon, no ScopTEL code is written in Java.

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell”. This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges.

See: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

When exploited, this vulnerability allows an attacker to run arbitrary code on the device, giving full control over to the attacker. Any device exploited should be considered compromised, potentially along with any devices that trusted the compromised device.

Related Articles
ScopServ Vulnerability CVE-2014-1691 January 26, 2015
Scope: ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691. Description: Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing to load and execute ...
ScopServ Vulnerability CVE-2014-1691 January 26, 2015 Addendum
In addition to https://service.scopserv.com/support/scopservhq/ShowHomePage.do?articlestatus=published#Solutions/dv/542955000000703295/en If your installation cannot immediately and fully be upgraded as per the product bulletin. You may use this ...
CVE-2015-0235 Ghost Vulnerability
Details: https://rhn.redhat.com/errata/RHSA-2015-0090.html Updated glibc packages that fix one security issue are now available for ScopServ Distributions built on CentOS 5. Red Hat Product Security has rated this update as having Critical security ...
Product Bulletin: RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034)
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034) Executive summary Red Hat is aware of a vulnerability found in pkexec that allows an authenticated user to perform a ...
ScopTEL Version 5 to Version 6 scopserv-reports scopserv-realtime post upgrade mandatory Queue Log Migration Product Bulletin
ScopTEL Version 5 to Version 6 scopserv-reports scopserv-realtime post upgrade mandatory Queue Log Migration Product Bulletin Importance HIGH! Official Release date is January 31st 2017 ScopServ scoptel-reports and scoptel-realtime release 5 packages ...

ScopTEL is not effected by CVE-2021-44228 log4j vulnerability

ScopTEL is not effected by CVE-2021-44228 log4j vulnerability

Related Articles

ScopServ Vulnerability CVE-2014-1691 January 26, 2015

ScopServ Vulnerability CVE-2014-1691 January 26, 2015 Addendum

CVE-2015-0235 Ghost Vulnerability

Product Bulletin: RHSB-2022-001 Polkit Privilege Escalation - (CVE-2021-4034)

ScopTEL Version 5 to Version 6 scopserv-reports scopserv-realtime post upgrade mandatory Queue Log Migration Product Bulletin