GETAC TECHNOLOGY CORPORATION SECURITY UPDATE FOR INSYDEH2O UEFI FIRMWARE VULNERABILITIES
Getac Technology Corporation (“Getac”) is reviewing and assessing the impact of the Apache Log4j Remote Code Execution vulnerabilities tracked in CVE-2021-44228 and CVE-2021-45046 to our products. The security of our products is a top priority and critical to protecting our customers.
For Getac products, there have been no found effects to most of our products and services (Device, Applications, Web Service, Cloud Solution), except X500 G3 Server with RAID Expansion. Please contact our service team for more information. Meanwhile we will continuously monitor and update stakeholders if there is any new information.
What is Log4j?
Log4j is a piece of free, open-source software used by thousands of websites and business applications around the globe. Ninety-five percent of Java programs use Log4j directly or indirectly.
Suggestion: Customers are encouraged to follow security best practices, including those recommended by Apache (Log4j – Apache Log4j Security Vulnerabilities), and continue to monitor this notice for updated information as it becomes available.
For your reference, please check the links below:
- Apache Publication: Log4j – Apache Log4j Security Vulnerabilities
- CVE-2021-44228 (Apache Log4j 2): NVD - CVE-2021-44228 (nist.gov)
- CVE-2021-45046: NVD - CVE-2021-45046 (nist.gov)
Getac Disclaimer
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis, without express or implied warranties of any kind. All products, information, and figures specified are preliminary based on current expectations and are subject to change without notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their individual environments and take appropriate actions. In no event shall Getac or any of its affiliates be liable for any direct, indirect, consequential, punitive, special, or incidental damages arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon (including, without limitation, damages for loss of business, contract, revenue, data, information, or business interruption). Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
December 30, 2021
