Brüel & Kjær and Log4j Security
On Friday 10 December 2021, Apache disclosed a critical vulnerability in the Log4j library, an open-source logging element in Java.
This vulnerability allows for an untrusted input to result in LDAP, RMI or other HNDI endpoints loading and executing arbitrary code from an untrusted source. Given the cross-platform nature of Java, this vulnerability is found in all operating systems.
We have investigated our products and determined that those listed below are not affected by this vulnerability.
Industrial hardware and softwareLAN-XI
PULSE Operational Modal Analysis
TFI – Test for I-deas including drivers
Automotive Sound Quality
IMAT + FEA
Sound level meters and associated software2245 Sound Level Meter
2250 Sound level Meter
2270 Sound Level Meter
Work Noise Partner
Product Noise Partner
Measurement Partner Suite
As verification of 3rd party products and components rely directly on the statement of the 3rd party, there is a potential risk that some may open the Log4j vulnerability anyway. To be extra cautious, we are advising customers who are concerned with this issue, or who discover that these components are packaged with our licensing installer, can and should delete this file as they feel appropriate.
Thank you for your patience and understanding during our evaluation of the impact of Log4j’s vulnerability.
If you have any additional questions regarding this issue, please feel free to contact the HBK support team.