The EfficientIP SOLIDserver Solution is not affected by the security vulnerability described in the CVE-2021-44228 as it does not in any way use the Apache Log4j library.
Following publicity around the Apache Log4j security vulnerability last week-end we have received a lot of calls from customers, partners and community friends asking about the possible impact on our DDI solution, especially on the API endpoint that may be used in all IT automation as the IPAM is the central source of network truth. We can assure our customers that our solution is not using Java as a software component and that it does not use Log4j for logging activities. SOLIDserver is therefore a safe solution with regards to this vulnerability that was demonstrated in the past at Blackhat 2016 and fixed in version 2.15.0 of Log4j released early in December.
This new security topic demonstrates the importance of architecture, network topology, service separation and continuous testing. It mainly highlights the advantage of regular patching of any software service, including infrastructure appliances. Inventory of applications, devices, IP addresses and most generally of assets is key in modern IT. We will have to face many other security challenges linked to software. When it is on OpenSource, things are getting fixed quickly, proprietary software needs to be regularly checked and patched.