What do I need to know about Log4Shell?
Over the weekend of 11 December 2021, information started to circulate regarding a high-severity security vulnerability (known as CVE-2021-44228) in the Java-based Log4j logging framework.
This vulnerability can potentially give an untrusted source the ability to perform Remote Code Execution (RCE) on a vulnerable system by sending it a specially crafted string of characters.
This type of vulnerability is particularly serious, and has affected many software providers and software products.
Is Elucidat affected?
At Elucidat, we don't use Java to build our software. As such, our app is not impacted by this vulnerability.
The only embedded Java we use is a tool called Jenkins, and this does not have Log4j installed. It is also contained within a VPN.
We also use Cloudflare, which offers an additional layer of protection.
We've used the Common Vulnerabilities and Exposures (CVE) database to scan the images our applications are built upon and found no sign of Log4j.
However, to protect our customers, our team is constantly assessing the products and services used around our business, and we are in touch with our suppliers to assess any potential impact. There is currently no impact detected on our systems, and customers do not need to take any action with regard to their Elucidat projects.
We are continuing to monitor the situation closely and will provide any further updates as necessary. In the meantime, if you have any specific questions or concerns, please feel free to contact us at firstname.lastname@example.org.