Critical vulnerability in Java library log4j

[13 December 2021]

The German Federal Office for Information Security has upgraded the warning level to red alert for the zero-day vulnerability in the Java library log4j that is widely used.

For the following products, we offer comprehensive support in implementing the necessary measures.

The Java library is used by the following products

The Elasticsearch component is affected by the vulnerability. A solution to this problem is available. Please contact our support team by e-mail (support.de@caseware.com), to receive guidance on how to proceed.

• Alessa
• CaseWare Monitor

For the following products you do not need to make any adjustments. This applies to all versions of these products. Where necessary, we or the software company of the product have run the required update.

The Java library is not used by any of the following products

Therefore no immediate adjustments need to be made. Please note the information on software from other software suppliers that may be used in combination with our products:

• AuditSolutions

  all desktop products (e.g. AuditAgent, AuditReport, AuditTemplate, SmartPublisher, FinancialSolutions)

• IDEA

  all components (e.g. licensing, SmartAnalyzer, IDEA Lab prototypes) and all versions (e.g. IDEA 10, IDEA 11)

• IDEA apps

• IDEA Marketplace

• XBRL Publisher

  all components (e.g. licensing) and all modules (e.g. electronic balance sheet, digital financial report, disclosure of annual financial statements, procedural documentation)

• SmartExporter

  all components (e.g. licensing)

• App License Management
• AIS TaxMart
• Data ReBase

The Java library is used by the following products

The library was updated to version 2.15 immediately and the vulnerability has thus been eliminated in accordance with the recommendations. There is no need for you take any action. The CaseWare software company ensures that customers are protected from security vulnerabilities. Read more.

• CaseWare Cloud