Here is an important notice on the recently discovered Apache Log4J Java library vulnerability that has been discovered which has affected many companies and services.
We are aware of the recently discovered vulnerability in the Apache Log4J Java library that has affected many companies and services. The following is a summary of our current efforts to address this issue and the status of any know threats.
Clare Backend Services:
Clare is continuing to inventory our products and systems potentially impacted by the vulnerability. As necessary, we are updating to Log4j version 2.16, which fixes the vulnerability, and applying mitigations in the interim, even in cases where additional control layers such as network controls and application firewalls have prevented exploitation of this vulnerability.
ClareOne Panel
The Log4J vulnerability does not impact the ClareOne panel.
Known Exploits
We are not aware of any impact this exploit has had on any Clare backend systems. Out of an abundance of caution, we are continuing to investigate and take precautions for Clare as an enterprise, as well as Clare products and services that could be potentially impacted. We will take all necessary actions to prevent and mitigate any issues this exploit could cause.
Communication to Dealers
If a Clare Cloud system is impacted, there will be a bulletin posted on our website on the Dealer Dashboard and FusionPro backend news feed as remediation or fixes become available.
Actions Required by Dealer
None.
Thank you to all of our wonderful dealers and end users for your understanding and patience in this matter.
