We would like to briefly inform you that our automation platform VBASE is not affected by the newly discovered Log4shell security vulnerability.
The affected logging framework Log4j is not used in VBASE. Therefore, there is no risk for VBASE systems due to the new vulnerability.
Log4j is an open-source framework for logging application messages in Java and is used in many software products. The vulnerability, which was discovered in December 2021 and is known as Log4shell, exploits vulnerabilities in the Java libraries used and enables the execution of malicious code (remote code execution) on the affected host systems. The German Federal Office for Information Security (BSI) classifies the vulnerability as very critical.
In general, we recommend for a secure operation of VBASE systems: