We have completed all work to ensure any service that could have been affected or exploited by this vulnerability has been addressed.
We have also completed our investigation of the impact on our third-party vendors and determined they are not impacted or have taken appropriate steps to mitigate, update or remove.
Posted Apr 28, 2022 - 16:40 CDT
Monitoring
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021. This exploit results in remote code execution (RCE).
Lightspeed Systems has reviewed our products and infrastructure and determined none of our client side or SasS product repositories contain any use of this library.
Where we utilize an affected service, we have taken steps to mitigate the exploitation of this vulnerability. We are currently investigating the impact on our third-party vendors as well as additional steps we may need to take.
Please continue to monitor status.lightspeedsystems.com for additional updates.