Cybersecurity Information Briefing for CVE-2021-44228 (Log4j 2, Log4Shell)

This Intercax Cybersecurity Information Briefing is shared with the Intercax community to inform the community of Intercax’s awareness of and handling of cybersecurity events which are of keen interest to Intercax’s customers.

Intercax’s Cybersecurity Team publishes this cybersecurity information briefing on:

  • Common Vulnerability Enumeration CVE-2021-44228

  • a Remote Code Execution vulnerability

  • Commonly known as “Log4Shell”

  • that is undergoing active exploits that are observed in industry-wide use of Apache Log4j 2

Intercax’s Statement on its Products

  • Syndeia Cloud v3.4 (and earlier) does not use Apache log4j 2. Two (2) services in Syndeia Cloud use log4j 1.2.17, which is not affected by CVE-2021-44228.

  • Syndeia Plugins for SysML modeling tools (MagicDraw and Rhapsody), and Syndeia Standalone do not use log4j 2. They use log4j 1.2.17, which is not affected by CVE-2021-44228.

Intercax’s Statement on its Dependent Services:

Syndeia Cloud uses the following four infrastructure components.

For additional information on Intercax’s investigation of this cybersecurity event, please open a support request on our helpdesk.