Dear Valued Customer,
Customer Security is a top priority for Rocket Software and is an essential part our customer experience. We are constantly improving our capabilities, practices, and our people to deliver products and services that meet the highest security standards.
However, even with this commitment to security excellence, there are still cases where vulnerabilities can be present.
The Rocket Software Security Teams were recently made aware of a vulnerability in the widely utilized Apache Java logging library Log4j2 package that can allow an attacker unauthenticated remote code execution (RCE) access to the servers that the run this software. This vulnerability has been tracked as CVE-2021-44228 and is classified as severe.
With regard to Rocket Software’s products, we have identified which software platforms and versions contain the vulnerable Log4j2 utility code and are actively remediating the affected products. Rocket Software highly recommends that customers running impacted software packages follow the Apache recommended mitigation process which can be found here: https://logging.apache.org/log4j/2.x/security.html
Rocket Software’s information security team has implemented preliminary mitigations to protect our enterprise resources against this threat. We continue to evaluate this evolving risk and will deploy additional preventive and detective capabilities within our enterprise technology environment.
Security within our products, services and enterprise is of the upmost importance to Rocket Software. If you have any additional questions or need assistance, please contact Rocket Customer Support (https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport) or ASG Customer Support (https://www.asg.com/en/Support/Access-Login.aspx?func=home).