IT-Security Distribution AUSTRIA

Log4j Vulnerability

Referenzen

The GFI development team is reviewing our products for use of Log4j.
 
A function of Kerio Connect utilizes Log4j, and a recommended mitigation is identified below. 
If we identify any additional recommended mitigations, we will provide a follow up communication. 
 
Kerio Connect vulnerability mitigation
 
Log4j is used in Kerio Connect as part of the chat function. We recommend that all Kerio Connect users temporarily disable the chat function in the software.
To disable chat in Kerio Connect:
 
1. Go to Configuration. 
2. Click on Domains. 
3. Double-click on the desired domain. 
4. Find the “Chat” section on the General tab. 
5. Deselect the “Enable chat in Kerio Connect Client.” option. 
6. Repeat the above steps for all of your email domains.