In light of the Common Vulnerabilities and Exposures (CVE-2021-44228 / Log4j, Serviceaide is actively analyzing the impact on all Luma and ISM products.
CVE-2021-44228/ Log4j, also known as Log4shell/Logjam) is a vulnerability in the Apache Log4j open source component that allows Remote Code Execution. This makes products susceptible to malicious attacks and unauthorized operations. Serviceaide uses Log4j for standard logging functionality in all ISM and Luma products.
After investigations and analysis, we have mitigated any risk in our system. Following are the updates:
Luma 1.x is not vulnerable. The Logging libraries used are not vulnerable.
Luma Virtual Agent (Luma 2.x): Risks are mitigated for all environments.
Luma Automation: Risks are mitigated for all environments.
Intelligent Service Management (ISM): Risks are mitigated for all environments. The main component ‘Service desk’ uses Log4j older version (1.x) and is not vulnerable.
The other services or components that use the newer version of Log4j (2.x) have been patched.
Luma Knowledge: Patch has been applied to mitigate the risk.
We are actively working to identify and remediate any potential vulnerability across all products to protect all customers and their data. We will continue to provide details of the Log4j compromise until the risk is completely mitigated.
For more information, please contact the Serviceaide Support team.