This security advisory provides customers with an update on how Buildsoft services are not impacted by the Apache Log4j vulnerability (CVE-2021-44228). This vulnerability has been referred to as Log4Shell by some outlets.
What is this vulnerability?
A Remote Code Execution (RCE) vulnerability was discovered in the popular Java logging library, Log4j. This industry-wide security vulnerability allows for an unauthenticated adversary to execute code on systems that have this library deployed, by providing specifically crafted content. This is a serious vulnerability that affects many software products and online services.
How does this vulnerability affect Buildsoft products?
Cubit Select and Cubit Estimating are not affected by this security vulnerability.
Buildsoft Hosted products are also not affected by this security vulnerability.
Internally we have taken all precautions advised by our security auditing team of Ernst & Young.
Where can I find more information?
Additional information on this vulnerability can be found here: