Tangoe Mobile experienced a notice incident on December 13, 2021 affecting Tangoe Mobile Portal and Tangoe Custom Solutions Portals and 1 more component, lasting —. The incident has been resolved; the full update timeline is below.
Update timeline
- resolved Dec 13, 2021, 05:31 PM UTC
Dear Tangoe Client,

This past weekend the IT Security team was alerted by several cybersecurity news sources and security vendors, with confirmation from Apache themselves, that a critical-level vulnerability exists in the Apache library Log4j Framework. The vulnerability, "CVE-2021-44228 aka Logjam/Log4shell", if exploited, could allow unauthenticated remote code execution as the user running the application that utilizes the Java logging library.

What is Apache Log4j?

Apache Log4j is a very popular Java-based logging utility commonly used with Java applications.

Where can I find more information about this vulnerability?

You can learn more at: Log4j – Apache Log4j Security Vulnerabilities

Upon learning of the vulnerability, the Tangoe leadership and technical teams were notified, and immediate preventative efforts to mitigate and remediate were started. Proactive blocking of potential attempts to perform the exploit was put in place, and patching processes were worked on through the weekend. Most actions were transparent, but in some cases specific notifications were sent to alert of any downtime.

At this time our scanning tool vendor has supplied a signature for the vulnerability, and we are scanning our systems to confirm the issue is remediated and nothing negative has been realized.

We recognize the importance of service availability and security, and we will continue to monitor the issue to protect Tangoe and our customers from potential harm.

Please direct any requests for additional information via your normal support process and they will be addressed by the Tangoe Security team.

Thank you for selecting us as your provider to simplify, manage and optimize your technology expenses and programs with our industry-leading technology and services.

Sincerely,
IT Production Support
[email protected]