A new critical security vulnerability known as Log4Shell (CVE-2021-4428) has been discovered that affects millions of Java applications from many different vendors and is actively being exploited by cybercriminals. The flaw is in the logging framework known as Apache Log4j and could lead to ransomware, data theft, or complete system takeover.
Due to the severity of this security flaw, you may have heard about emergency outages and downtime for services at other companies and the Internet at large while the technology industry works to patch or otherwise remediate their services and applications.
The version of Log4j that is compromised is v2.15.0. Systems that use version v2.12.2 are not affected by the flaw. Additionally, systems that upgrade to version v2.16.0 are not affected.
HydroPoint products for WeatherTRAK, Baseline, or WaterCompass do not use Log4j v2.15.0 anywhere in its cloud-based systems and are therefore not susceptible to this issue.