Do the Log4j/Log4Shell vulnerabilities affect RealVNC services/clients?

Follow

We can confirm that the VNC Connect client software (VNC Server and VNC Viewer) do not use Java or the Log4j component and are therefore unaffected by the following CVEs:

  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2021-4104
  • CVE-2021-45105
  • CVE-2021-44832

No action is required to be taken by our customers.

Some RealVNC Cloud Services had sub-dependencies which include Log4j and although these were not exploitable, mitigations for CVE-2021-44228 have been implemented. The related CVE-2021-45046, CVE-2021-4104, CVE-2021-45105 and CVE-2021-44832 have been assessed and do not affect RealVNC services.

Since we expect the situation to continue to evolve, we will continue to monitor our environment and apply any additional recommended mitigations.

This article will be updated as necessary.

Article update history:

  • 30-Dec-2021: Added CVE-2021-44832 
Was this article helpful?
37 out of 41 found this helpful

Comments

0 comments

Article is closed for comments.