peaq GmbH
Analytics & automation

Log4Shell vulnerability - peaq products not affected

14 Dec 2021 By Philip Kurmann

The recently revealed security vulnerability Log4Shell (CVE-2021-44228) has drawn a lot of attention and scrutiny from IT departments investigating to what extent their organisations are exposed. peaq has also received numerous inquiries regarding the vulnerability of IOportal and SAM4H.

We would like to inform our customers and partners that none of our products are written in Java and none of them use Apache. For these reasons, our products are not affected by the CVE-2021-44228 Log4Shell vulnerability.

The only third-party dependency written in Java is Elasticsearch (used by SAM4H). Because Elasticsearch uses the Java Security Manager, it is not affected by Log4Shell: https://xeraa.net/blog/2021_mitigate-log4j2-log4shell-elasticsearch/

In case you or your security department require further details, do not hesitate to contact us.

Your peaq team

Update 2022-09-11

SAM4H release 2.1.1 ships with Elasticsearch v7.17.6. According to the following Elasticsearch post, all Log4j vulnerabilities should now be fixed: https://www.elastic.co/de/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2

Philip Kurmann
