What is this vulnerability?
A Remote Code Execution (RCE) vulnerability was discovered in the popular Java logging library, Log4j, also referred to as Log4Shell by some outlets. This industry-wide security vulnerability allows for an unauthenticated adversary to execute code on systems that have this library deployed, by providing specific crafted content. This is a serious vulnerability that affects many software products and online services.
How does this vulnerability affect Brightidea?
Log4j/Log4Shell is not deployed within Brightidea systems and is not utilized within our system or infrastructure. All Brightidea sites are not susceptible to the Log4j vulnerability. There is no action required by any clients in regard to protecting their Brightidea sites from this vulnerability.
Where can I find more information?
Additional information on this vulnerability can be found here:
- Apache Software Foundation: Apache Log4j Security Vulnerabilities
- National Vulnerability Database: CVE-2021-44228
Comments