Java Zero-day Vulnerability Notification

Java Zero-day Vulnerability Notification

Published: December 13, 2021

Version: 1.0

Executive Summary

AvePoint is releasing this security advisory to inform customers that we are aware of the recent Java Zero-day vulnerability referred to as Log4j.

Advisory Details

AvePoint is not affected and based on our investigation to date has not been impacted by the incident. We are evaluating the risk to our supply chain for any possible indirect exposure to the Apache Log4j incident.

Suggested Actions

Security Actions - No additional action is required.

Mitigation Steps - No additional action is required.

AvePoint implements best-in-class techniques for identifying, protecting, and detecting cybersecurity threats.

The information security and data privacy of our customers is AvePoint’s highest priority. If you have any questions about this and/or you are contacted by anyone else about this issue, please contact our security team immediately at security@avepoint.com.

For your additional information please find AvePoint’s reporting policy and response plan:
https://www.avepoint.com/company/vulnerability-reporting-policy/