El Segundo, CA β January 10, 2022
Vast Conference confirms it has not detected any exploitation of Log4j security vulnerability.
Vast Conference is aware of the vulnerability CVE-2021-44228 β Log4j which was disclosed by the Apache Log4j project. If exploited, this vulnerability could potentially allow a remote attacker to execute code on the server.
Since the threat was identified on December 9, 2021, the Vast Conference IT Team has been doing a full impact assessment of all our software, infrastructure, as well as engaging with our software vendors to determine potential impact. To date, our analysis has not identified a compromise of Vast Conference systems or customer data. We are continuing to follow up with our software vendors for updates. We employ rigorous security practices to safeguard our products and their dependencies as well as the software used to deliver our cloud conferencing services. Thus far, while our exposure to the vulnerability has been minimal, we began to put remediation in place through vendor software updates. We want you to be aware that our software does NOT employ log4j.
The scope of this statement covers all versions of our services and software including:
Conference calling services
Web Meeting software (windows/mac/iPhone/android)
Website/API services
Due to the severity and scope of this vulnerability, Vast Conference will continue to actively monitor the situation.
This page will be updated over the coming days as more information becomes available. If you have any additional questions or concerns, you may contact us at service@conferencecalling.com.