Description

With the ongoing critical news regarding log4j vulnerabilities within Java applications. We at Stingray would like to inquire if sitekiosk servers are vulnerable.

For your reference, here's an article about it
https://www.google.com/amp/s/www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/amp/

I just spoke with our INFRA team and they have given me a list of questions that will required your input.

• Do any of your applications (both internal and third parties) use Java?
• Is the logging library log4j currently in use for such applications?
• What is the version of log4j currently installed?
• Is the application publicly exposed (internet-facing) or only available internally?
• Do you perform sanitization of any inputs available in your application (user login, GET requests, search bars, web forms, etc)?
• Are your third-party applications affected by this issue (see above article for the list of known affected services)?