Overview

On December 9, 2021, a new vulnerability was announced in a software package commonly used by many web applications. The vulnerability enables a malicious party to remotely execute commands on a vulnerable system.

Background

Many large companies globally, including Everbridge Nixle, use a set of services from Apache Software Foundation that provide the framework for web applications. The Apache framework includes many components used to build web applications. One of those components is Log4j, which provides logging services within an application. A new vulnerability has been discovered in Log4j that enables an attacker to execute arbitrary commands on an affected system.

Assessment

The security of Everbridge products is our highest priority. After extensive investigation by Everbridge Security teams, we have confirmed that the Nixle application is NOT leveraging the Log4j component and your Nixle account is completely secure from this vulnerability.