Log4j RCE (CVE-2021-4428)

anon61700599 · December 11, 2021, 12:34am

We are aware of the log4j RCE (CVE-2021-4428) release today.
We would like to alleviate some of your concerns by assuring you that no components of the Syncro system are written in Java, and none of our components leverage the log4j dependency.
While you work on remediation steps, please be aware that should a vulnerability or incident of this nature occur in the future that impacts Syncro systems, one of our first action items will be to mitigate and notify our customer base accordingly.

charles · December 11, 2021, 4:14am

Hi Support, do you know if Splashtop (buit into Syncro) is subject to this vulnerability.
I have looked on the Splashtop web site and there is no announcment that I can find.

phil · December 13, 2021, 9:07am

I don’t think it would have java in splash top

revivaltechrepair · December 13, 2021, 7:22pm

Well that’s nice to hear!

Jimmie · December 13, 2021, 8:39pm

I saw on Reddit that Splashtop doesn’t use Java, so they are unaffected, but were still doing a full evaluation anyway.

revivaltechrepair · December 13, 2021, 9:57pm

Yea, that might have been my reddit post, which was just this, in case someone didn’t know about this community/post… We should all report back here with further recommended testing strategies / outcomes yea?

anon80049295 · December 14, 2021, 12:28am

Thank-you ! It’s important to know and reassuring that Java as a whole is not used. That’s a good place to be in terms of the codebase for Syncro.

Topic		Replies	Views
Libwebp RCE (CVE-2023-4863) Announcements security	13	3575	October 5, 2023
Bitdefender has been flagging Syncro as malicious and removing it rmm	25	1427	February 7, 2024
Splashtop Streamer Maxing out CPU scripting , mac	31	4653	June 8, 2023
Splashtop uninstalling on Multiple Assets	21	1403	April 5, 2022
Disconnect existing Splashtop Session	0	100	February 28, 2024

Log4j RCE (CVE-2021-4428)

Related Topics