Smart System Security
Known Issues & Fixes
This page was last updated on: December 20, 2021
It is one of our major interests to provide you as our customers with reliable and highly secured products and system solutions. On this page, you will therefore find information about known issues and their solution approach.
In case you are not sure whether your system may be compromised, please contact our Customer Support via your JIRA Customer Help-Desk or e-mail us: Support(at)LStelcom.com.
As you may have heard from media and press reports over the last weekend and beginning of this week, an IT security gap has been identified. LS telcom is aware of the Log4j security vulnerability being reported by Apache.org, specifically CVE-2021-44228.
We will keep you informed about the investigation results on how this vulnerability affects our products.
LS OBSERVER CMS
Where Log4j is used in external SPECTRAweb or mySPECTRA we recommend to execute the above described mitigation actions.
Log4j has released version 2.17.1, which contains a solution for the vulnerability. Where required LS telcom is preparing a patch to resolve the vulnerability. We will provide further information on the roll-out and installation procedure once it is available.
Log4j is used in internal SPECTRAplus, SPECTRAweb and mySPECTRA versions by several services. At this point, we consider the risk for such systems to be lower as these services are not directly available via public internet. Nevertheless we recommend to execute also for these systems the above described mitigation actions.
Log4j has released version 2.17.1, which contains a solution for the vulnerability, LS telcom is planning to release a patch that resolves the vulnerability. We will provide further information on the roll-out an installation procedure as soon as available.