On December 9, 2021, a security vulnerability in an open-source library called Log4J was made public. Log4j is an open-source, Java-based logging library widely used by enterprise applications and cloud services (most often in Java-based applications).
If exploited, this vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that allows taking control of targeted systems.
All the products and applications using log4j are potentially vulnerable. We encourage your internal team to examine the impact of this security issue on other vendor software you may be using.
Affected users and administrators are encouraged to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. Everything that uses the affected library versions must be tested with the fixed version in place.
If you need assistance with your OpenText applications, as part of the Log4j security fix engagement, feel free to reach out to us.