Thinstuff releases are NOT affected by Log4j RCE vulnerability.
We can assure our customers that Thinstuff software is not affected by the recently discovered Apache CVE-2021-44228 (Log4j) vulnerability nor does it use any of the affected libraries. Log4j is a library that is used by Java applications only.
TSX Gateway connects the RDP protocol with the HTTPS protocol to provide a secure connection to XP/VS Server without any Java application needed. These users simply use a modern Remote Desktop Client (recommended) to connect to their Remote PC.
What is the Log4j vulnerability?
On 9th December 2021, Apache Foundation released a new zero-day vulnerability for Apache Log4j tracked under an emergency update for a critical zero-day vulnerability in Log4j, a logging tool included in almost every Java application. The issue has been named Log4Shell and received the identifier CVE-2021-44228.
The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something other manufactures with an application containing Log4j need to immediately pay attention to.