Statement Regarding Log4j/Apache Vulnerability
Pour consulter cette déclaration en français, voir https://www.aurorainteractive.com/post/énoncé-concernant-le-logiciel-mscope-et-la-vulnérabilité-d-apache-cve-2021-44228 .
On December 10, a security bulletin (CVE-2021-44228) was issued regarding the discovery of a critical vulnerability in Apache's logging tool (Log4j). This vulnerability allows remote code execution. According to some sources, active scanning and exploitation of this vulnerability have been observed.
After analyzing mScope and its dependencies, we have determined that mScope software is not affected by the Apache vulnerability (CVE-2021-44228).
We are not affected because log4j version 2 is not used in our software or its dependencies.
Therefore, no mitigation or update is necessary.
For more information about this vulnerability, see the CCCS advisory: