IMPORTANT NOTE: This article has been updated to reflect additional instructions:
If your VidyoPortal is version 21.2.x - 21.4.x, it is necessary to reboot your VidyoPortal after applying this patch.
If you did NOT reboot your VidyoPortal, and it is between versions 21.2.x - 21.4.x, there is a chance an internal Tomcat service has stopped running, and can only be restored with a reboot.
A single reboot will permanently fix the condition that caused it to stop.
If you rebooted your VidyoPortal after applying Update_VP1920_or_above_Patch-CVE-2021-44228-and _45046-G2signed.vidyo, you do not have to take any actions.
Enghouse Vidyo is aware that another security vulnerability identified as, CVE-2021-45046, has been found in Apache Log4j and could allow remote code execution on servers. Apache Log4j is an open-source Java logging library widely used in many enterprise applications and numerous cloud services. For more information about the Apache Log4j vulnerabilities, see this article and the official CVE-2021-4506 article.
Vidyo takes security very seriously and treats this issue with the utmost priority. While there has been no successful exploitation of this attack on Vidyo servers, Vidyo has released a patch that mitigates this risk.
VidyoPortal version 21.4.x or earlier.
Enghouse Vidyo has released a security patch to the VidyoPortal to mitigate this risk on the VidyoPortal. It is required to reboot your VidyoPortal after applying this patch!
What actions can I take?
Customers on VidyoPortal 21.1.x or earlier who HAVE applied the CVE-2021-44228 update DO NOT need to apply this patch.
Customers on VidyoPortal 21.1.x or earlier who HAVE NOT applied the CVE-2021-44228 update SHOULD APPLY this patch. It is required to reboot your VidyoPortal after applying this patch!
Customers on VidyoPortal 21.2.x or later who HAVE applied the CVE-2021-44228 update SHOULD APPLY this patch. It is required to reboot your VidyoPortal after applying this patch!
Customers on VidyoPortal 21.2.x or later who HAVE NOT applied the CVE-2021-44228 update SHOULD APPLY THIS PATCH ONLY. It is required to reboot your VidyoPortal after applying this patch!
If you are an on-premises customer, Enghouse Vidyo strongly advises you to immediately update your VidyoPortal software as listed in the following table. Downloads are available from thePortal and Router Packagespage.
If you are a cloud customer, you don’t need to take any action. We are in the process of applying the update for you. Please refer to the notifications you receive from theVidyoCloud Status pagefor the most current information.
If you need help, contact your Vidyo Reseller or contact the Vidyo Support Team via email or phone at the locations listed in theContact Usarticle