Dear CBA customers and partners,
We have been made aware of the high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility that may affect Live Assist for Microsoft Dynamics 365.
We are currently checking the impact of this vulnerability on our services. We will keep all our customers notified as this progresses.
For details on the vulnerability, kindly see: https://logging.apache.org/log4j/2.x/security.html
If you require further information, please contact us at support@liveassistfor365.com.
Thank you,
Communication Business Avenue, Inc
Update 14th Dec 2021
Due to the nature of the vulnerability, CBA performed emergency maintenance in all regions.
If you require further information, please contact us at support@liveassistfor365.com.
Update 15th Dec 2021
The patch deployed for this vulnerability on the 13th of December caused an issue with the provisioning service which was fixed on the 14th.
Update 16th Dec 2021
CBA is actively responding to the reported remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell or LogJam. Live Assist for Dynamics 365 was patched for this 2nd Log4j vulnerability globally on the 15th of December between 12:50 and 13:50 UK time.
If you have any questions, please contact us at support@liveassistfor365.com.
Update 21st Dec 2021
CBA has responded to additional information that versions of Apache Log4j2 prior to 2.17 did not always protect from infinite recursion in lookup evaluation either. Live Assist for Dynamics 365 was patched for this 3rd Log4j vulnerability globally on the 20th of December between 18:00 and 23:30 UK time.
Please contact us at support@liveassistfor365.com if you have any questions.