CVE-2021-44228

Vulnerability Statement

CVE-2021-44228

16th December 2021

Enghouse Interactive has received information about a vulnerability in Log4j that many security institutions have classified as critical. This page discusses its impact on Enghouse products. The vulnerability is registered under CVE-2021-44228.

Affected

Enghouse BI Pro

Impact: The vulnerability can only be exploited by an authenticated and named user that has the proper privileges. No attack vectors are open from outside the application.
Recommendation: Install hot fix
Required action: Install hot fix script available on PartnerPortal: (log4j hotfix)

Enghouse Quality Management Suite (QMS)

Impact: QMS installations that utilise the 3rd party full-text indexing service, Solr, are affected by the CVE-2021-44228 vulnerability.
Recommendation: Follow recommendations on Solr website
Required action: See: https://solr.apache.org/security.html#apachesolr-affected-by-apache-log4j-cve-2021-44228

Enghouse Vidyo

Product affected: VidyoPortal version 21.4.x or earlier
Recommendation: Enghouse Vidyo has released a security patch for the VidyoPortal to mitigate this risk.
Required action: Update link: https://support.vidyocloud.com

Eptica

Product affected: Engagement Suite version 9.6
Recommendation: A vulnerability may be present in a third-party component called ElasticSearch.
Required action: None. This component is not exposed on the internet, so there was no impact. Nevertheless, we applied a precautionary setting from Friday December 10 in the evening in order to secure this component on all our hosted instances. More info…

Not affected

  • Arc Pro
  • Altitude
  • Contact Center Enterprise (CCE)
  • Communications Center (CC)
  • Communications Portal (CP)
  • Communications Portal (CP) and IVR DT
  • CRM Connect
  • CTI Connect
  • Elsbeth
  • Enghouse BI Lite
  • Enghouse CCaaS
  • Enghouse CCSP
  • Enghouse Intuition Advanced Console (EIAC)
  • Enghouse Trio Enterprise And Vision 80/20
  • IVR Development Toolkit (IVR DT)
  • Pro
  • Vocal Coach

Please note that the above are often integrated into the wider business environment. All business applications that are integrated with the above should be verified separately against this vulnerability.
