Apache Log4j vulnerabilities & Zylpha products

You may have seen recent press coverage about Apache Log4j vulnerabilities.

Our response:

All our integrations components are .net based and none use log4j components at all so are unaffected by this vulnerability.
We’re not able to confirm whether any suppliers of services you integrate into use the log4j components though and you will need to get a specific confirmation from them directly.

About the Apache Log4j vulnerability

The problem revolves around a bug in the Log4j library that can allow an attacker to execute code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.

This is made more difficult by the fact that Log4j is a library that is used by many Java applications. It’s one of the most widely used Java libraries to date. Most Java applications log data, and Log4J is pretty much the standard library to use.

The challenge here is finding Log4j because of the way Java packaging works. It’s possible that you could have Log4j hiding somewhere in your applications and don’t even know it.

Links:

National Cyber Security Centre article

Google online security article

Infoworld article

Create secure court document bundles quickly & easily, for FREE