Log4j2 Vulnerability Assessment
Update History: December 14, 2021, at 4:30PM EST – Published
IPVideo Corporation is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations, and security teams are currently assessing all products.
As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.
Please check back to this site regularly as we will continue to post updates as new information becomes available.
IPVideo Corporation has been performing a review of our products, code and production environments. Currently, our analysis indicates that the products listed below are not affected by this vulnerability. As this is an evolving threat, we will update this site as new information becomes available.
- HALO V2.0
- HALO V2C
- HALO Cloud
- While the AVfusion and ViewScan products are not affected, customers should investigate the environment where they have installed the product(s) to ensure the operating systems, other software installed on the server and virtual environments are not affected. For example, VMware is commonly used to virtualize the underlying infrastructure and they have provided an update on their products at the following link: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
- Our analysis was done on the latest released version of each product. SaaS products are always on the latest version, but for on-premises products, you should ensure you have updated to the latest version.
- Our HALO Cloud backend utilizes Amazon Web Services. Amazon has addressed the vulnerability and we are actively monitoring their updates.