NetSupport Security Statement: Apache Log4j Vulnerability
As part of NetSupport’s commitment to support our customers, we continue to assess any risks to our products and services. This will include sharing key information as we help customers ensure that they are able to manage any risks to their own systems, services or supply chain.
On Dec 9th, 2021, security researchers published a report of a high-risk “zero day” vulnerability (CVE-2021-44228) affecting a common software package (Apache Log4J) that can allow remote code execution.
None of the NetSupport solutions use the log4j library and therefore have not been impacted by this vulnerability.
As a security measure, our team has conducted a full impact assessment since the vulnerability was initially documented, and we have found no software or service offered by NetSupport to be affected.
We will continue to monitor any further information released about this vulnerability.
Solutions analysed and identified as Secure
classroom.cloud: web services, all platforms and mobile apps
NetSupport Manager: all platforms and mobile apps
NetSupport School: all platforms and mobile apps
NetSupport DNA: all platforms, mobile apps and web console
NetSupport Notify: all platforms and mobile apps