Apache Log4j Vulnerability Update

SEON has been analyzing the impact of the recently published Apache Log4j2 vulnerability, CVE-2021-44228. 

Log4j is an open-source Java logging library developed by the Apache Foundation and is widely used in many Java-based applications.

At this time of writing (December 2021) SEON is not aware of any impact on the confidentiality, integrity, or availability of our services, nor have we experienced any degradation in the overall security of those services as a result of this vulnerability.

With this in mind, we’ve taken extra precautionary steps to keep our customers safe. Our security team performed the following steps to prevent any impact on our services.

1. Performed analysis and remediation of the issue on the 9th of December
2. Our team systematically went through all the potentially vulnerable components
3. We setup a firewall configuration made to automatically block traffic that might be connected to the exploitation of the vulnerability
4. Our security team will continue to be monitoring the situation 

To conclude, our investigations showed that no customer data or critical infrastructure was impacted by the vulnerability. 

If you do have any other questions, please feel free to contact us – info@seon.io or get in touch with one of our team.