Article ID: 2281
Last updated: 13 Dec, 2021
In December 2021, the Apache Foundation announced a serious security vulnerability in the Log4j libraries. The bug is a major vulnerability in the Apache logging library. Attackers could use compromised servers to execute remote code.

Assessment Summary

Software published by Riva International, Inc. is NOT impacted by the recent Log4j vulnerability.

Assessment Overview

As part of our security program, we have reviewed the vulnerability and have assessed whether any Riva service or critical elements of Riva's supply chain, including third-party vendors, are affected by this bug.

This vulnerability is limited to applications that use the Apache Log4j library; these are applications developed using Java. Riva software does not use the affected Apache Log4j library. This includes Riva Cloud, Riva Sync, Riva Insight and Riva On-Premise. As a result, our customers are not directly impacted by this vulnerability by using Riva's software or cloud offerings.

With regard to related services such as licensing, billing and payment processors, we have confirmed with other critical vendors that they are also unaffected, including the billing payment processor responsible for automated credit card processing.

If you have configured your CRM or email services to use Apache Log4j, you should make sure to update the library to version 2.15.0 or to switch to another logging library provider.

Supplementary desktop and server asset scanning was completed on Dec 10, 2021, and found no affected assets throughout the Riva services, development and operating environments.

Additional Security Questions

At Riva, we are committed to delivering an enterprise-grade service level.
Revision: 5