Optima is aware of the Apache log4j vulnerability CVE-2021-44228. Like many of our peers, we have been responding to Log4j RCE (Remote Code Execution) vulnerability questions. Customers are seeking re-assurance that Optima products and services do not pose a threat.

Years ago we deliberately chose not to use Java as a core part of any of our products. We have always followed best/recommended security practices to ensure our products remain safe. Optima also periodically reviews dependencies on other software components that might be used to deliver our product offerings as well as our on-line services.

We want all our customers to be aware that our software does NOT employ log4j.

The scope of this statement covers all versions of our services and software including:

• embedded firmware running in all Optima hardware products
• Optima Remote Commander Client
• Optima Remote Commander Server
• Optima Remote Commander Server – Management Console
• Optima License Server
• Optima NMS
• Optima Embedded Firmware Server
• Optima RIO xR3 Front End Application
• Optima NEXUS nano Front End Application
• Optima On-Line Services (Cloud Storage, Library, HELPdesk)

If you have any additional questions or concerns, please contact your designated Optima Support specialist.