Late last week, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in Log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 scores the maximum 10.0 on the Common Vulnerability Scoring System (CVSS) because the exploit is trivial and the potential for damage is significant. We have been busy working through the list of software all our clients use to see which software vendors have released information on whether their products are affected.
Fortunately, most systems that we manage are not accessible from the internet, so the likelihood of a vulnerable system or piece of software being compromised is low. However, as patches and mitigations are announced, we have begun patching.
If you have any cloud-provided solutions that we do not manage, it might be worth asking the provider for some reassurance that their systems aren’t affected or have been patched.
Should you have any concerns, please don’t hesitate to raise a ticket via firstname.lastname@example.org.