As you know, the world became aware of CVE-2021-44228, a critical vulnerability in a logging framework called Log4J, on Friday, December 10th.
When disclosed, Axcient teams immediately began assessing the impact to our solutions. While we continue our research, we wanted to update you on how to make decisions regarding your incident response plan. Axcient has not found any material vulnerability in our products from this issue that would impact partners or their data, apart from one product, for which we have already deployed an update (see BRC appliance version details below). No Axcient systems have been compromised and partner data continues to be backed up and protected safely and securely.
- Axcient x360 Platform products (Recover, Sync and Cloud) are not vulnerable to CVE-2021-44228. We've validated this through auditing of user inputs, tools, and reviewing versions of our libraries to confirm this is the case. Partners on the x360 Platform are fully protected.
- For Axcient BRC, so far our assessment shows that BRC Virtual Office and the BRC Cloud do not use Log4J and are not vulnerable. BRC appliances versions >= 10.4 may be affected. We have proactively deployed an update to all online BRC appliances and disabled the Log4j functionality that allows this vulnerability. While our assessment shows that this fully mitigates the vulnerability and that it cannot be exploited with this update applied, we are also preparing a hotfix that will include the new version of Log4J.
Additionally, the following products do not use Log4J and are not vulnerable: Backup for Files, BDR for ShadowProtect, BDR for AppAssure, BDR for Veeam.
The majority of Axcient internal and cloud operations have already been validated as not vulnerable or have been patched over the weekend. We continue to audit our internal systems to ensure 100% protection against this issue as part of our incident response plan, and expect that review to be complete by December 14, 2021.
Axcient treats all security issues as critical. We have established SLAs for mitigating against any issue to protect our partners and Cure Data Loss. While there are various resources for information on this issue, we recommend staying up to date on the CompTIA ISAO forum here.
We will continue to share security updates as new information is available.
SUPPORT | 720-204-4500 | 800-352-0248
- Contact Axcient Support at https://partner.axcient.com/login or call 800-352-0248
- Free certification courses are available in the Axcient x360Portal under Training
- To learn more about any of our Axcient products, sign up for a free one-on-one training
- Subscribe to the Axcient Status page for a list of status updates and scheduled maintenance