Déclaration de M5 Technologies sur la vulnérabilité de Log4Shell

M5 Technologies Declaration on the Vulnerability of LOG4SHELL

Sherbrooke, Canada - December 14, 2021.

A major security flaw in the Java Apache Log4J library has recently been identified, allowing users to bypass the safety measures in place. The relative ease of this feat creates potential conditions for large -scale exploitation (similar to Shellshock).

Aware of the importance of the problem, M5 Technologies investigated the feat and analyzed its source code in search of vulnerabilities.

Fortunately, the bridges, ATA and SBC Mediatrix, as well as the M5T SDKs do not use the Java Apache log4J library and are therefore not vulnerable to the log4shell feat.

 

Impact on Mediatrix customers

Given that Sentinel 400 allows you to install a virtual machine (VM) likely to use the Java library concerned, it is advisable to customers using a VM license to ensure that the services installed are safe and that VM is advised and that VM She herself is protected against any form of malicious attack.

References
Apache website - Sharkstriker Web Safety Update - Update of problemscve -20121-44228 - Initial disclosure of vulnerability



About M5 Technologies
M5 Technologies is a global supplier of multimedia communication solutions based in Sherbrooke (Quebec), well known for its reliable and quality operator mediatrix bridges.

By focusing on innovation and excellence in customer support, M5 Technologies provides highly adaptable hardware and software components for communications and multimedia collaboration of companies.

M5 Technologies is present worldwide with local representatives in North America, Latin America, Europe and the Middle East.

Back to blog