The German Federal Office for Information Security (BSI) warns about a vulnerability in the Java framework log4j. Many news media have already reported about it. This vulnerability is considered to be enormously dangerous. Firstly because log4j is virtually a standard and thus extremely widespread, and secondly because the attacks carried out via this vulnerability can be very extensive.

We have already received quite a few customer inquiries on this topic. Of course you as Cavok customers would like to know if your system is affected by this vulnerability. The good news is:

Your cavok system is not affected by the log4j vulnerability.

Cavok only uses log4j in connection with the similarity search. The version we use is not affected by this vulnerability. Moreover, this software component is not directly accessible "from the outside". An attack on our system via this gap in security is therefore impossible.

By the way, since some of our customers have a particularly heightened need for security, the vulnerability of Cavok is always comprehensively tested by external experts.