Log4j Security Vulnerability

Field Notice – Log4j Security Vulnerability

December 21, 2021

AiRISTA is aware of the Log4j security vulnerability and began an investigation to understand the potential exposure. Based on information available as of December 21, 2021 we believe this vulnerability does not impact our Vision, ARC, or Unified Vision (including sofia) customers.

What is the Log4j?

Log4j is a Java library that was developed by the open-source Apache Software Foundation. It is used for logging error messages in applications, most notably the Apache web server.

What is the vulnerability?

Essentially, hackers exploit a particular lookup pattern and during that exploit, they can insert code that allows them access to other services that are running on the same server. Some of those services may allow them to install crypto-mining malware, take advantage of LDAP servers that may reveal usernames and passwords.

AiRISTA’s use of Log4j

The CVE in question (Common Vulnerability and Exposure) is CVE-2021-44228 and affects versions of Log4j 2 prior to version 2.14.1. AiRISTA does not use these versions in any production versions of its software.

THIS DISCLOSURE IS BASED ON INFORMATION PROVIDED BY LOG4J.  AIRISTA IS RELYING ON THE TESTING AND DISCLOSURES MADE BY LOG4J AND HAS NOT INDEPENDENTLY TESTED THE LOG4J VERSION IN THE SYSTEM.  CUSTOMER USES THE LOG4J PROVIDED BY AIRISTA AT ITS OWN RISK. AIRISTA DISCLAIMS ANY RESPONSIBILITY OR LIABLITY FOR CUSTOMER’S USE OF LOG4J. 

If further assistance is needed, please contact us (CustomerService@airista.com).

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on email

Register for UCE

Training Request for Info

Register for ACRE

Training Request for Info

CONTACT AIRISTA FLOW FOR FURTHER INFORMATION

Please fill in the form below and we’ll get back to you ASAP.

OUTDOOR COVERAGE (OPTIONAL)

Extension of panic button service to outdoor areas and other spaces typically not covered by Wi-Fi, such as pools and parking lots

CUSTOM RULES & REPORTING

A custom rules engine for creating workflows and sophisticated response initiatives Custom report creation in addition to canned reports in the Essential and Pro packages

TEMPERATURE MONITORING (OPTIONAL)

Temperature monitoring and alerting for refrigerator and freezer compliance in place of paper-based reporting

ASSET TRACKING (OPTIONAL)

Track the location of mobile assets, such as luggage carriers, room service carts, and laundry bins

VOLUME BASED PRICING

Pricing based on number of hotel locations

PRO RESPONSE TAGS

A two-way communicating tag typically used by security and management for delivering panic event notifications, locations, and times as a text to tag screens

SYSTEM HEALTH

A view of the complete housekeeper safety solution to maintain optimal system health

REPORTING

A view of the previous 60 days of events in an easy-to-read table format with easy export capability

EVENT REPLAY

A recording of the team’s response using visual pathways and times overlaid on maps for retention, compliance, testing, and best practice creation

Panic Button Tags

A variety of low-cost tags with push-button activation typically used by housekeeping staff for generating easy and reliable panic alerts

HOUSEKEEPER SAFETY PORTAL

A private cloud portal for managing alert activity, creating custom rules, viewing dashboards and reports, and monitoring system health

CONTACT AIRISTA FLOW FOR FURTHER INFORMATION

Call Us

Contact Us