AVANSER Log4j Information Disclosure

AVANSER: Log4j Information Disclosure

This article refers to the Log4j Vulnerabilities discovered in December 2021.
More information about the vulnerabilities can be found at the link below.

Security Advisory

AVANSER constantly reviews Security Bulletins to ensure any relevant Security Adivsory disclosed is addressed in a timely manner.
This includes, but is not limited to, Australian's Cyber Security PortalCISA PortalMitre's Portal and CVE Portal

About Log4j Vulnerabilities

AVANSER does not use Log4j in its core infrastructure.
This vulnerability does not affect AVANSER's Core Systems.
Please refer to the following table as a reference:
Call Handling Systems
Not Affected
Not Affected
Post-Call Processing
Not Affected
3rd Party Integrations
Not Affected
AVANSER Legacy Portal
Not Affected
AVANSER Customer Portal
Not Affected
Click 2 Call
Not Affected
Not Affected
SIP Service
Not Affected
Not Affected
Not Affected, End of Life (No Futher Support)
Not Affected
Telco API
Not Affected
User API
Not Affected

3rd Party Software

AVANSER uses 3rd Party Software in maintaining and handling the AVANSER infrastructure. 
These 3rd Party Software applications are not exposed to the internet and are not reachable without an Administrative Access to AVANSER Servers. 
None of the Systems that required mitigation were reachable without Secure Connections.
Secure Connections to AVANSER Servers are provided only to AVANSER technical personnel.
AVANSER has undergone an extensive review of the 3rd Party Software and where the vulnerability was identified the following steps have been performed to ensure security:
  1. Review of each 3rd Party Software AVANSER uses: Performed.
  2. Assess if the systems were exposed to the internet without Administrative Access and Secure Connection: None Affected.
  3. Assessment of Log4j Vulnerability: Performed.
  4. Engaged the 3rd Party Supplier to confirm the presence of the vulnerability: Performed.
  5. Escalated to their Technical Support to detail mitigation procedures: Performed.
  6. Undergone 3rd Party Supplier mitigation processes: Performed.

    • Related Articles

    • Reports: Call Log - Filters and Data Access

      The Call Log is the list of all calls received on your tracking numbers for the selected period. Viewing the data The standard view for the call log provides a list of call details. It can be customised as per requirements (see Personalising Fields ...
    • AVANSER Telco API - Product Outline and Examples

      Understanding AVANSER number stock When automating number provisioning it is important to know your inventory configuration. Your inventory is managed by Country; each Country has different number classes available for your tracking needs. Number ...
    • AVANSER API and Third Party Integration

      There are two main ways to integrate with 3rd Party APIs: 1. WebAPI: The documentation is available here: https://avanserwebapi.docs.apiary.io/ Test system information: The test environment isavailable at https://api.test.avanser.com/JSON/ 2. HTTP ...
    • AVANSER API Services Quick Reference Summary

      Summary The Objective of this document is to outline the various APIs AVANSER offers for both collection of data and remote service interaction. Individual documentation for all APIs is available in the table below: API Link Telco API Enables the ...
    • Dynamic Numbers: Installing jQuery - Required by AVANSER Tag Manager

      Installing jQuery Library is not required if you are using Dynamic Numbers' Automated Number Replacement or you are not using AVANSER Tag Manager. The AVANSER Tag Manager allows you to set rules for your website that dynamically adds span tags to the ...