On the night of December 11th, 2021, a security vulnerability in the software module log4j for Java became known worldwide. The BSI and leading IT security organizations have assigned a CVSS value of 10 to the vulnerability, which is the highest level.

The Sdui app and underlying components including our backend systems as well as Sdui Meet do not use the affected module and are therefore not susceptible to the vulnerability. We provided our internal services with updates on Sunday after the vulnerability became known.

First published: 13/12/2021
Last status: 13/12/2021

Statement from the BSI:
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnung/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=6