Apache Log4j vulnerabilities & Zylpha products

You may have seen recent press coverage about the cybersecurity vulnerability in the Apache Log4j 2 Java library, also known as Log4Shell.

Our response:

All our integration components are .NET based and none of them use Log4j components at all, so they are unaffected by this vulnerability.
We are not able to confirm whether any suppliers of services you integrate with use Log4j components, though, so you will need to get specific confirmation from them directly.

About the Apache Log4j vulnerability

The problem revolves around a bug in the Log4j library that can allow an attacker to execute code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j will need to immediately pay attention to.

This is made more difficult by the fact that Log4j is a library that is used by many Java applications. It is one of the most widely used Java libraries to date. Most Java applications log data, and Log4j is pretty much the standard library to use.

The challenge here is finding Log4j because of the way Java packaging works. It is possible that you could have Log4j hiding somewhere in your applications and you don't even know it.
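One way to look for a hidden copy, shown here as an added example (not Zylpha's or Apache's code): recursively open JAR/WAR/EAR archives and report any that contain the `JndiLookup` class shipped in log4j-core 2.x, even when the JAR has been renamed or nested inside another archive. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Class file shipped in log4j-core 2.x; its presence marks a bundled copy
# even when the JAR has been renamed or merged into a "fat" JAR.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def find_log4j_core(data, label, max_depth=5):
    """Return paths (outer!/inner!/entry) where the marker class is found."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, nothing to inspect
    with zf:
        for name in zf.namelist():
            if name.endswith(MARKER):  # also matches under WEB-INF/classes/
                hits.append(f"{label}!/{name}")
            elif name.lower().endswith(ARCHIVE_EXTS) and max_depth > 0:
                hits += find_log4j_core(zf.read(name), f"{label}!/{name}", max_depth - 1)
    return hits


def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_war():
    """Constructed sample: a WAR holding a renamed JAR that contains the marker."""
    inner = make_zip({MARKER: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
    clean = make_zip({"com/example/App.class": b"\xca\xfe\xba\xbe"})
    return make_zip({
        "WEB-INF/lib/logging-shaded.jar": inner,
        "WEB-INF/lib/app.jar": clean,
        "index.html": b"<html></html>",
    })


if __name__ == "__main__":
    for hit in find_log4j_core(build_sample_war(), "sample.war"):
        print(hit)
```

A hit shows only that log4j-core classes are present; whether that bundled version is affected still has to be checked against the Apache advisories.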

Useful links:

National Cyber Security Centre article

Google online security article

Infoworld article
