Enghouse Interactive has received information about a vulnerability in Log4j that was classified as critical by many security institutions. This page discusses the impact on Enghouse products. The vulnerability is registered under CVE-2021-44228.
Affected
Enghouse BI Pro
| Impact | Recommendation | Required action |
| --- | --- | --- |
| The vulnerability can only be exploited by an authenticated and named user that has the proper privileges. No attack vectors are open from outside the application. | Install hot fix | Install hot fix script available on PartnerPortal: (log4j hotfix) |
Enghouse Quality Management Suite (QMS)
| Impact | Recommendation | Required action |
| --- | --- | --- |
| QMS installations that utilise the third-party full-text indexing service, Solr, are affected by the CVE-2021-44228 vulnerability. | Follow recommendations on Solr website | See: https://solr.apache.org/security.html#apachesolr-affected-by-apache-log4j-cve-2021-44228 |
Enghouse Vidyo
| Product affected | Recommendation | Required action |
| --- | --- | --- |
| VidyoPortal version 21.4.x or earlier | Enghouse Vidyo has released a security patch for the VidyoPortal to mitigate this risk. | Update link: https://support.vidyocloud.com |
Eptica
| Product affected | Recommendation | Required action |
| --- | --- | --- |
| Engagement Suite version 9.6 | A vulnerability may be present in a third-party component called ElasticSearch. | None. This component is not exposed on the internet, so there was no impact. Nevertheless, we applied a precautionary setting from the evening of Friday, December 10, in order to secure this component on all our hosted instances. More info… |
Not affected
- Arc Pro
- Altitude
- Contact Center Enterprise (CCE)
- Communications Center (CC)
- Communications Portal (CP)
- Communications Portal (CP) and IVR DT
- CRM Connect
- CTI Connect
- Elsbeth
- Enghouse BI Lite
- Enghouse CCaaS
- Enghouse CCSP
- Enghouse Intuition Advanced Console (EIAC)
- Enghouse Trio Enterprise And Vision 80/20
- IVR Development Toolkit (IVR DT)
- Pro
- Vocal Coach
Please note that the above are often integrated into the wider business environment. All business applications that are integrated with the above should be verified separately against this vulnerability.