December 12, 2021

A high severity vulnerability (CVE-2021-44228, CVSSv3 10.0) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly on December 9, 2021. The vulnerability allows for unauthenticated remote code execution (RCE). This vulnerability exists in Apache Log4j 2 versions 2.0 to 2.14.1. According to the developer, version 1.x of Log4j is not susceptible to this vulnerability.

...

1. DualShield 5.x, 6.1, 6.2 and 6.3 include Log4j 1.x, which is not susceptible to this vulnerability unless JMS Appender is used. DualShield does not use JMS Appender.

2. DualShield 6.4 includes Log4j 2.14. However, DualShield 6.4 includes JRE 8u203 which is not susceptible to Remote Code Execution (RCE).
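To confirm which of these cases applies to a given installation, the following added example (not DualShield or Apache code) inventories Log4j jars under a directory and sorts them into the categories above. It assumes the default Apache jar file names (`log4j-1.x.y.jar`, `log4j-core-2.x.y.jar`) and Log4j 1.x configuration files named `log4j.properties` or `log4j.xml`; the directory tree in `demo()` is constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# log4j-1.2.17.jar is Log4j 1.x; log4j-core-2.14.1.jar is the Log4j 2 core.
JAR_RE = re.compile(
    r"^log4j-(?:core-)?(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:alpha|beta|rc)\d*)?\.jar$")

def classify(jar_name):
    """Map a jar file name to an advisory category (None if not Log4j)."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    major, minor, patch = (int(g or 0) for g in m.groups())
    if major == 1:
        return "1.x"
    if major == 2 and (minor, patch) <= (14, 1):
        return "2.x-affected"  # range stated in the advisory: 2.0 to 2.14.1
    return "2.x-outside-range"

def uses_jms_appender(root):
    """True if any Log4j 1.x config file under root mentions JMSAppender."""
    return any("JMSAppender" in cfg.read_text(errors="ignore")
               for cfg in Path(root).rglob("log4j.*")
               if cfg.suffix in (".properties", ".xml") and cfg.is_file())

def scan(root):
    """Return {relative jar path: category} for every Log4j jar under root."""
    root = Path(root)
    jms = uses_jms_appender(root)
    found = {}
    for jar in root.rglob("*.jar"):
        cat = classify(jar.name)
        if cat == "1.x" and jms:
            cat = "1.x-jms-appender"  # the one 1.x case the advisory flags
        if cat:
            found[jar.relative_to(root).as_posix()] = cat
    return found

def demo():  # constructed directory tree, not a real DualShield layout
    with tempfile.TemporaryDirectory() as d:
        for name in ("a/log4j-1.2.17.jar", "b/log4j-core-2.14.1.jar",
                     "b/log4j-api-2.14.1.jar", "c/log4j-core-2.15.0.jar"):
            p = Path(d, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.touch()
        return scan(d)

if __name__ == "__main__":
    print(demo())
```

Matching on file names misses renamed or repackaged (shaded) jars, so an empty result is not proof that Log4j is absent.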

...

Click here for instructions on how to change JAVA settings in the DualShield platform.


Actions being taken by the DualShield team

To ensure that DualShield is absolutely free from this vulnerability, we are working to produce an update of the DualShield Platform that will include the latest update of Log4J, which has fixed the vulnerability. (Note: We did produce an update, DualShield 6.4.20.1212, on December 12. Unfortunately, it was discovered today that it has a compatibility issue with the DualShield IIS Agent. Therefore, it was taken offline. We will produce a new update ASAP.) We estimate that the update will be ready by Friday, December 17, 2021.