National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Log4J on Dec 20, 2019. Log4J is a common library from Apache Foundation used in products published by numerous companies. Following products from Synametrics Technologies also use this library:
Although the affected version of the library is used in products published by Synametrics, the actual file with the problem is not. The vulnerability affects products that use SocketServer class in Log4J, which is used to send logged messages to a remote computer using TCP/IP sockets.
Log files in products from Synametrics are only written to local disks, not across the network.
Although none of the products are affected, out of an abundance of caution, follow the steps below if you would like to patch this library on your end.
log4j.jarfrom here. This modified version does not contain
SocketServerclass, which is causing the problem. Since this class is not used, you will not get any runtime errors.