Details
- Story
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
- Software (SOFTWARE)
- Sprint# 62 (Dec 6 - 17)
Description
Issue
CVE-2021-44228 has been identified in Hybrid Chat components and other Java-based components. The following components are affected:
- CCM
- Communication Server
- Routing Engine
Business Impact
Customer Channel Manager in Hybrid Chat is vulnerable to CVE-2021-44228. The Customer Channel Manager (CCM) handles communication with all channels except WebChat, so this vulnerability may impact all customer channels except WebChat.
Implementation
This vulnerability is caused by Log4J2 in versions older than 2.15.0. It is recommended to update the Log4J2 library to at least 2.16.0, which resolves the following two vulnerabilities:
- CVE-2021-44228 - Critical
- CVE-2021-45056 - Low