Vade is aware of the zero-day vulnerability in the open-source Apache Log4Shell (Log4j) utility, which could allow a remote code execution attack. The flaw is being actively exploited worldwide and has affected numerous companies, including Apple, Amazon, and Microsoft.
Vade is closely monitoring the situation and took immediate action to identify potential vulnerabilities in our products and services.
The below products are affected:
- Vade Cloud
- Vade Cloud Kit
- Safe Unsubscribe
The below products are NOT affected:
- Vade for M365
- Vade MTA Builder
- Vade Gateway
- Email Content Filter
- Vade Partner Portal
- IsItPhishing
Mitigation
- Vade Cloud: Vade Cloud has been patched and the update sent to all affected customers on Vade Cloud Kit.
- Safe Unsubscribe: Safe Unsubscribe has been patched and the update sent to all affected customers.
Vade will continue to monitor the situation and provide updates as necessary.
More information about the Log4j vulnerability:
NIST
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
