VIDIZMO is not exposed to Log4j vulnerability. Read more to understand what measures we have taken to mitigate the situation.


Overview

On December 9th, 2021; the widely used Apache logging library log4j was reported to be vulnerable to RCE (remote code execution). This vulnerability has been actively exploited. From giants like Amazon and Tesla to small startups, many organizations are at risk. Security pros say that it is one of the worst computer vulnerabilities they have ever seen. You can read more about it here.


It is a Zero-day vulnerability and therefore, requires rapid and dedicated efforts to patch up the infected servers. Organizations that are running the logging library log4j are at severe risk. Fortunately, VIDIZMO does not run this logging service on any of its servers or devices.


How is VIDIZMO Safe?

On December 10th, 2021, the VIDIZMO team ran an immediate assessment of its codebases for instances of log4j. No instances of log4J were found within VIDIZMO. We have investigated all of our devices, environments, servers, and platforms and we are confident that we are not vulnerable to any attack through this vulnerability.


Third-party App That Is Used Within VIDIZMO

Wowza streaming engine that we use within VIDIZMO has the following recommendations:

  • Customers on Wowza Streaming Engine 4.8.5.05 and below are not impacted by this vulnerability. 
  • For all customers on Wowza Streaming Engine 4.8.8.01 and above, please take the steps outlined in this article to apply a fix. 


Apps That Can Be Integrated With VIDIZMO:

  • AWS Video Indexer
  • Azure Media Analyzer
  • Blackboard
  • BlueJeans
  • Canvas
  • D2L
  • FreshDesk
  • Google Analytics
  • Goto Meeting
  • Moodle
  • Rev
  • SCIM
  • SharePoint
  • Teams
  • SSO (Azure AD, ADFS, Facebook, Forgerock, Google, LinkedIn, Microsoft, Okta, OneLogin, PingID, SAML)
  • Webex
  • Woopra
  • Wrokday
  • Zoom

So far, we are unaware of any threat with these integrations. Users of VIDIZMO who have integrated these apps with their VIDIZMO portal(s) can ask for an assurance from these vendors directly. VIDIZMO takes no responsibility for third-party integrations. 


Is There Anything You Need To Do?

Nothing. We take security seriously and we are sure that there is nothing you need to do because we have got you covered. We will let you know if some action is required from you in the future. 


If you have any queries, feel free to open a support ticket. Our experts will assure you of the safety that VIDIZMO provides to its customers.