Extra Horizon's statement on Log4j vulnerability

Extra Horizon is aware of the Log4j zero-day vulnerability in the Java logging framework. This vulnerability is being tracked as CVE-2021-44228 1 / 2 and currently has the highest severity score [10/10]. Therefore our technical team immediately started an internal investigation, on Saturday, December 11th.

The team confirms that customers and their data are currently not affected by this vulnerability.

During this investigation we have confirmed that although Java is used in our application, none of the services of Extra Horizon are currently using Log4j as its logging mechanism. The CVE 3 does not have an effect on the Extra Horizon codebase and remediation is not needed.

We are currently monitoring all our 3rd party service suppliers to ensure that their services are also not impacted and are patched immediately where needed.

If you need additional details or assistance, please contact the Extra Horizon technical support team at requests@extrahorizon.com.

At Extra Horizon, we have always had and continue to have the highest standards when it comes to customer data security.

1. https://nvd.nist.gov/vuln/detail/CVE-2021-44228
2. https://www.cve.org/CVERecord?id=CVE-2021-44228
3. "CVE is the common term that stands for “Critical Vulnerability and Exposures”