On December 09, 2021, a severe vulnerability (CVE- 2021-4422) was disclosed in the popular Java logging library Log4j 2 versions- 2.0 to 2.14.1, that results in remote code execution (RCE) by logging a certain string. You can find the details of this vulnerability here: https://logging.apache.org/log4j/2.x/security.html 

Though there were a few attempts, we didn't find any traces or evidence of a successful exploitation. As we also possess some third-party components that could be potentially vulnerable, we've completely patched the vulnerability as a mitigation measure. And we can vouch for the fact that no sign of an active exploit could be found throughout Site24x7. Also, the different binary or installable software/agents we support aren't prone to this vulnerability.

We'll keep analyzing the issue and will be posting the new updates in this thread. Please feel free to contact support@site24x7.com or security@zohocorp.com for further details or assistance; we're happy to help you.

Regards,

Vinoth

Site24x7 Red Team