CVE-2021-44228 - ESA-2021-31
For information about the recently announced security vulneratibility, please see this article from the Apache Logging Services website.
We have audited the ScreenSteps web and desktop application to see the applications or any supporting tools are affected by the Log4j2 vulnerability. No vulnerabilities have been found.
On December 10th, very soon after the Apache Log4j2 RCE Vulnerability was announced, ScreenSteps implemented a firewall rule on our web application firewall (WAF) that automatically blocks requests from bad actors trying to exploit the vulnerability.
In addition, ScreenSteps has audited the web application and the desktop software to see what impact, if any, the Apache Log4j2 RCE Vulnerability could have on our systems (see results above).
We will continue to monitor our systems and announcements related to Log4j2.