News & Events

Category

News

Date

January 12, 2022

Share

Update: Bucher + Suter Statement on Log4j Vulnerability

Update Jan 12, 2022: Bucher + Suter and all third-party products that were previously described as vulnerable have now made patches or updates available. All Bucher + Suter customer patches requested in 2021 have now been applied. Those customers who requested patching in 2022 for operational reasons are underway or scheduled at the customers’ request.

This is the final update of this article! For more information, please reach out to your account manager or get in touch with Bucher + Suter Customer Service via the link below.

Dear customers, partners, and community at large,

A serious security vulnerability was discovered last week (correct as of Dec 15, 2021) that puts many systems worldwide at risk. Since a large number of attacks are already taking place that exploit this gap, it is necessary to act immediately. With this notice, we’re officially informing you about the measures we have taken to ensure the continued trouble-free operation of our products and services.

Vulnerability description

Log4j is a popular logging library for Java applications. It is used in the high-performance aggregation of application log data. Below you will find links with further information:

Countermeasures

As soon as Bucher + Suter learned about the Log4J (CVE-2021-44228) zero-day vulnerability, we applied targeted prevention and detection procedures.

Remediated Products

Update Jan 12, 2022: All Bucher + Suter and third-party vendor remediations (patches/workarounds) have been applied, are underway, or are scheduled at the customers’ request.

b+s Products

  • b+s Condoor
  • b+s HostLink for Webservices
  • b+s SMC (Condoor based Agent Management Module)
  • b+s TAO

Bucher + Suter third-party partner products

Products Confirmed NOT Vulnerable

b+s Products

  • b+s AppLink for Avaloq
  • b+s EventLogView
  • b+s Connects for MS Dynamics
  • b+s Connects for Oracle Service Cloud
  • b+s Connects for Salesforce
  • b+s Connects for SAP CRM / SAP C4C
  • b+s Connects for ServiceNow
  • b+s Connects for Siebel
  • b+s Fusion
  • b+s IVR
  • b+s Reports for CUIC
  • b+s SMC
  • b+s HostLink SQL / SMC / CTI

Bucher + Suter third-party partner products

  • Calabrio Teleopti WFM
  • Cognigy

Remediated Services

Update Jan 12, 2022: All ‘b+s Cloud Services’ (UCaaS and CCaaS) customers whose deployments use any affected Cisco or other third-party products have had those products patched.

  • b+s Cloud Services (UCaaS and CCaaS) services

Mitigating steps undertaken (Updated Jan 12, 2022)

  • We identified the affected products and installed patches where required. As of Jan 12, 2021, more than 90% of customers with vulnerable products have had their instances remediated.
  • Bucher + Suter customers who approved the patches in 2021 have had those patches installed over the holiday period without severe disruption to their operations. Thank you to those who assisted in the actioning of those steps.
  • Bucher + Suter customers who requested that their systems be patched or updated in 2022 for operational reasons are currently underway or scheduled at the customers’ request.

As always, if you require any support or need more detailed information, we will be happy to help.

Kind regards,
Bucher + Suter

Contact Customer Service

Switzerland Germany USA

Let’s talk!

Global 24x7 Customer Service

Lindenpark, Lindenhofstrasse 1 CH-3048 Worblaufen / Bern

Stubenwald-Allee 19
D-64625 Bensheim

4600 S Syracuse St, 9th Floor Denver, CO 80237