AVANSER Log4j Information Disclosure

This article refers to the Log4j Vulnerabilities discovered in December 2021.
More information about the vulnerabilities can be found at the link below.

Security Advisory

AVANSER constantly reviews Security Bulletins to ensure any relevant Security Advisory disclosed is addressed in a timely manner.
This includes, but is not limited to, Australia's Cyber Security Portal, CISA Portal, Mitre's Portal and CVE Portal.

About Log4j Vulnerabilities

AVANSER does not use Log4j in its core infrastructure.
This vulnerability does not affect AVANSER's Core Systems.
Please refer to the following table as a reference:

| Product | Status |
| --- | --- |
| Call Handling Systems | Not Affected |
| ARTIC | Not Affected |
| Post-Call Processing | Not Affected |
| 3rd Party Integrations | Not Affected |
| AVANSER Legacy Portal | Not Affected |
| AVANSER Customer Portal | Not Affected |
| Click 2 Call | Not Affected |
| Dialler | Not Affected |
| SIP Service | Not Affected |
| AVANSER AMICA App | Not Affected |
| AVANSER App | Not Affected, End of Life (No Further Support) |
| Web API | Not Affected |
| Telco API | Not Affected |
| User API | Not Affected |

3rd Party Software

AVANSER uses 3rd Party Software in maintaining and handling the AVANSER infrastructure.
These 3rd Party Software applications are not exposed to the internet and are not reachable without Administrative Access to AVANSER Servers.
None of the Systems that required mitigation were reachable without Secure Connections.
Secure Connections to AVANSER Servers are provided only to AVANSER technical personnel.
AVANSER has carried out an extensive review of the 3rd Party Software and, where the vulnerability was identified, the following steps have been performed to ensure security:
  1. Review of each 3rd Party Software AVANSER uses: Performed.
  2. Assess if the systems were exposed to the internet without Administrative Access and Secure Connection: None Affected.
  3. Assessment of Log4j Vulnerability: Performed.
  4. Engaged the 3rd Party Supplier to confirm the presence of the vulnerability: Performed.
  5. Escalated to their Technical Support to detail mitigation procedures: Performed.
  6. Undergone 3rd Party Supplier mitigation processes: Performed.
