we inform you about the log4j security vulnerability:
pascom 19 and parts of pascom 20 are affected by the problem, even if the “usual” script attacks cannot be applied to our systems.
We have known about the issue since Friday morning. We are working on a patch for pascom 19 and will keep everyone updated in this thread. Our cloud systems are updated automatically.
For version 19.17 and higher, we are not attackable with the main exploit via LDAP because we ship the latest Java bug fixes with this version. In addition, only the XMPP server is affected and not e.g. the web server. So a handcrafted attack would have to be done directly with our protocols.
This means that the attacks currently circulating on the Internet all fail currently.
Recommended action for on-site systems: We currently see no urgent need to take the systems offline. A corresponding bugfix release will be available during the afternoon.
Recommended action for cloud users: No user action is required here. Our systems have been monitored since the weekend. The security vulnerabilities will be completely closed with an update tonight.
We will inform all on-site customers as soon as the bug fix is available.
Welche Version habt ihr denn eingebaut?
Wir haben das problematische Feature generell deaktiviert und nicht nur die Version angehoben.
we have installed Pascom version 17 on our server.
With a test I have noticed that we are vulnerable to LOG4J.
Can we solve? Is there any update?
Log4perl should not be vulnerable against CVE-2021-44228 (MITRE) as stated here (IT Security News) and here (borncity).
we need to receive support regarding the update could you help us?
if you have a PREMIUM Subscription you can contact your support team directly. You can find all the details via my.pascom.net in your Subscription Details.
If you are a FREE or BASIC user, please consult the forum for help.
the colleague who had the access data no longer works in our company.
how can we recover them?
please use for support requests our mypascom Portal and open a new support Ticket. In our system you are registered as Portal admin with your email address. if you have forgotten your mypascom Portal password, simply restore it.