A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.
None of our products (Automate-IT, Pulse-IT, Share-IT) is using this Apache Log4j logging software, therefore there is no action to take on those systems.
Paris, 2021/12/14