Update Jan 12, 2022: Bucher + Suter and all third-party products that were previously described as vulnerable have now made patches or updates available. All Bucher + Suter customer patches requested in 2021 have now been applied. Those customers who requested patching in 2022 for operational reasons are underway or scheduled at the customers’ request.
This is the final update of this article! For more information, please reach out to your account manager or get in touch with Bucher + Suter Customer Service via the link below.
Dear customers, partners, and community at large,
A serious security vulnerability was discovered last week (correct as of Dec 15, 2021) that puts many systems worldwide at risk. Since a large number of attacks are already taking place that exploit this gap, it is necessary to act immediately. With this notice, we’re officially informing you about the measures we have taken to ensure the continued trouble-free operation of our products and services.
Vulnerability description
Log4j is a popular logging library for Java applications. It is used in the high-performance aggregation of application log data. Below you will find links with further information:
Countermeasures
As soon as Bucher + Suter learned about the Log4J (CVE-2021-44228) zero-day vulnerability, we applied targeted prevention and detection procedures.
Remediated Products
Update Jan 12, 2022: All Bucher + Suter and third-party vendor remediations (patches/workarounds) have been applied, are underway, or are scheduled at the customers’ request.
b+s Products
- b+s Condoor
- b+s HostLink for Webservices
- b+s SMC (Condoor based Agent Management Module)
- b+s TAO
Bucher + Suter third-party partner products
- Cisco List of Affected Products
- A helpful resource from Cisco on understanding the impact of the Apache Log4j vulnerability on Cisco Contact Centers is available here.
Products Confirmed NOT Vulnerable
b+s Products
- b+s AppLink for Avaloq
- b+s EventLogView
- b+s Connects for MS Dynamics
- b+s Connects for Oracle Service Cloud
- b+s Connects for Salesforce
- b+s Connects for SAP CRM / SAP C4C
- b+s Connects for ServiceNow
- b+s Connects for Siebel
- b+s Fusion
- b+s IVR
- b+s Reports for CUIC
- b+s SMC
- b+s HostLink SQL / SMC / CTI
Bucher + Suter third-party partner products
- Calabrio Teleopti WFM
- Cognigy
Remediated Services
Update Jan 12, 2022: All ‘b+s Cloud Services’ (UCaaS and CCaaS) customers whose deployments use any affected Cisco or other third-party products have had those products patched.
- b+s Cloud Services (UCaaS and CCaaS) services
Mitigating steps undertaken (Updated Jan 12, 2022)
- We identified the affected products and installed patches where required. As of Jan 12, 2021, more than 90% of customers with vulnerable products have had their instances remediated.
- Bucher + Suter customers who approved the patches in 2021 have had those patches installed over the holiday period without severe disruption to their operations. Thank you to those who assisted in the actioning of those steps.
- Bucher + Suter customers who requested that their systems be patched or updated in 2022 for operational reasons are currently underway or scheduled at the customers’ request.
As always, if you require any support or need more detailed information, we will be happy to help.
Kind regards,
Bucher + Suter
