smart-Tecs Response to Log4J Vulnerability
December 17, 2021
On December 9th, 2021, Apache published a zero-day vulnerability (CVE-2021-4428) for Apache Log4j. This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. As of December 15, 2021, a new vulnerability has been added (CVE-2021-45046), which has been addressed in the latest patch for Log4j 2.16 (for users requiring Java 8 or later).
Smart-Tecs technology teams are engaged in a comprehensive review of our information technology environment to identify and remediate exposure to the disclosed vulnerability in the Log4j utility. Smart-Tecs is working with our partners and third-party vendors, conducting extensive vulnerability assessments against any internet-facing system and internal systems to identify whether any platform is running software that includes a vulnerable version of this utility.
As of December 17, 2021, smart-Tecs has not identified any vulnerable systems and/or malicious code in our products or environment.
Our information technology, security engineering, and application development teams are assessing and monitoring new developments as new information is received. The above information is based upon discoveries to date and is subject to change as circumstances evolve.