Tangoe Security Maintenance Notification - December 11th

Update timeline

1. resolved Dec 11, 2021, 08:27 PM UTC

   Dear Tangoe Client, We are writing to inform you that Tangoe is aware of the security vulnerability recently identified in the Apache Log4j Framework. Tangoe IT Security learned of the situation on Friday, December 10, 2021 after Apache published the vulnerability. This vulnerability, if exploited, could allow unauthenticated remote code execution as the user running the application utilizes the Java logging library. Upon learning of the vulnerability, the Tangoe teams took immediate preventative actions by updating our firewall to specifically defend against an attack and this vulnerability while we work with the vendor on specific patching and long term remediation. The actions we have taken should be transparent to you in your regular interactions with Tangoe and use of our applications. We recognize the importance of service availability and security and we will continue to monitor the situation closely and keep you informed of any relevant updates. What is Apache Log4j? Apache Log4j is a very popular Java-based logging utility commonly used with Java applications. Where can I find more information about this vulnerability? You can lean more at: Log4j – Apache Log4j Security Vulnerabilities Thank you for selecting us as your provider to simplify, manage and optimize your technology expenses and programs with our industry leading technology and services. Sincerely, IT Production Support [email protected]