Important customer notification regarding security information and immediate actions as well as the current security vulnerability in Java library log4j (CVE-2021-44228) “Log4Shell”
The German Federal Office for Information Security (BSI) published a cyber security warning of warning level red on 13 December 2021. Comparable publications were also made in other countries, e.g. National Vulnerability Database of NIST in the USA (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) or by the EU (https://www.enisa.europa.eu/news/statement-on-log4shell).
The reason for this warning of the highest alert level is a critical vulnerability in the widely used Java library Log4j, which, according to the security authorities, leads to an extremely critical threat situation. The vulnerability could potentially allow attackers to execute their own program code on the target system and thus compromise the server (source: BSI).
Unfortunately, some Beta Systems products are also affected by this vulnerability. Beta Systems has been working since last weekend to identify potentially affected components and to patch them promptly to close this vulnerability.
We will gather here on this website all important information you need for the products you are using to counter this security threat.
We strongly recommend that you take the actions we describe immediately.
Security information and recommended immediate actions:
Information about the security vulnerability in the Beta Systems Customer Portal:
In the Beta Systems Customer Portal, we have published detailed customer information on the security vulnerability since 12/13, which we will update regularly.
Direct link to the Customer Portal: https://customer.betasystems.com/news
Overview Security Issues & Immediate Actions in the Beta Systems Customer Portal:
In the Beta Systems Customer Portal (https://customer.betasystems.com), you can find more detailed information and recommended immediate actions to reduce your risk in the TechInfo section under Security Issues for the affected Beta Systems products. We strongly recommend that you immediately implement the actions described there.
The information is continuously updated in the Customer Portal. Please check the information for updates.
Direct link to the Customer Portal: https://customer.betasystems.com/techinfo/securityIssue
If you do not have access to the Customer Portal, please contact Beta Systems Support.