A new 0-day vulnerability, formally known as CVE-2021-44228, was published on the NIST National Vulnerability Database on Friday and was followed by this NIST entry on December 14th. The vulnerability is found in the Log4j Java library.
Log4j is a popular open-source logging library made by the Apache Software Foundation. The security vulnerability found in Log4j allows hackers to execute remote commands on a target system. The severity of the vulnerability is classified as “Critical” by NIST.
Our investigations show that Bespeak may have the Log4Shell vulnerability. We are currently working on upgrading Log4j to the latest version, 2.15, in order to keep your business safe. At the moment, no further action is required from your side. We will update this page if this changes for any reason.