Geonexus Software and Apache Log4j Vulnerabilities

Geonexus Software and Apache Log4j Vulnerabilities

Geonexus is aware of the Log4j library critical vulnerabilities announced on December 9th and understands that this issue is a critical area of focus for our customer and IT teams across the globe. Geonexus is actively investigating the impact of the Log4j library vulnerabilities as several Geonexus software products contain this common logging tool. This article contains the latest information about Geonexus products and will be updated as new information becomes available. Currently, there are no known issues related to the current vulnerability with any of the Geonexus software applications. Geonexus software applications do not contain the vulnerable log4j 2.x library. 
The table below indicates the Log4j version used by each Geonexus software applications.

Geonexus Product

Description

Current Log4j Version Used

Comments

Geonexus Integration Platform (GIP)

 

Geonexus Integration Platform is used for data sync and migration between GIS/EAM/CIS systems

Log4j v.1.2.17

GIP is a stand-alone product that gets installed on a customer’s internal server. GIP is not a web-based solution and does not utilize JMSAppender

GeoWorx Sync

 

GeoWorx Sync is used for data sync and migration between GIS/EAM/CIS systems

Log4j v.1.2.17

GeoWorx Sync is a stand-alone product that gets installed on a customer’s internal server. GeoWorx Sync is not a web-based solution and does not utilize JMSAppender

GeoWorx Sketch

 

A comprehensive redlining system used to edit geospatial data

Log4j v.1.2.17

 

GeoWorx Sketch is a web-based application that is installed on the customers server. GeoWorx Sketch does not utilize JMSAppender.

 

GeoWorx Office

 

Web-based GIS application for visualizing Assets on ArcGIS Maps

Log4j v.1.2.17

 

GeoWorx Office is a web-based application that is installed on the customers server. GeoWorx Office does not utilize JMSAppender.

 
Geonexus will continue to monitor events pertaining to Log4j vulnerabilities as our development team completes plans to upgrade all our software applications to the latest supported version of Log4j in 2022. 
If you have any specific concerns regarding this issue, please feel free to reach out to either your Customer Success Manager or our Customer Support Team.