To all customers using TEAMS-RDS, following versions use vulnerable versions of Apache Log4net and are affected by CVE-2018-1285:
Vulnerability is limited to Windows versions of TEAMS-RDS only. Apache Log4net was used in a single purpose utility used when clicking on:
- Start -> Programs -> TEAMS-RDS -> Start TEAMS-RDS Services
- Start -> Programs -> TEAMS-RDS -> Stop TEAMS-RDS Services
We recommend that all customers update to TEAMS-RDS 12.5.5.
If upgrading to 12.5.5 is not possible, please contact support to discuss alternative remediation strategies.