How CVE-2021-44228 Affect Products From Synametrics

National Institute of Standards and Technology (NIST) logged in a new vulnerability regarding Log4J on Dec 10, 2021. Log4J is a common library from Apache Foundation used in products published by many companies, including the following products Synametrics:

• Xeams
• Syncrify
• SynaMan

This vulnerability is limited to versions between 2.0 and 2.14.1 of Log4J. Products from Synametrics use an older version of Log4J with a custom wrapper around it. Therefore, none of the products from Synametrics are vulnerable due to this newly discovered security risk.

Confirming You're Not Affected

The cyber security team from Huntress have created a testing tool that you could use to confirm none of your installations are affected. Use the following steps to use that tool.

• Visit https://log4shell.huntress.com/
• You will see a unique identifier towards the end, similar to the screenshot below.
• Enter the Test String you see as the User ID on the product's login screen.
• Click View Connections button on Huntress's website to see the results.
• Vulnerable products will cause your public IP address to appear on Huntress's result screen. Since Xeams, Syncrify, or SynaMan are not affected, you will see this Test String in the local log file, but nothing will appear on Huntress's result screen. Log files where this Test String appears is product specific:
  • Xeams - $INSTALL_DIR\logs\InvalidPasswordAttempts.log
  • Syncrify - $INSTALL_DIR\logs\AuditTrail.log
  • SynaMan - $INSTALL_DIR\logs\SynaMan.log