The Log4j vulnerability (CVE-2021-44228, CVE-2021-45046) is a critical vulnerability (base score of 10 according to CVSS 3.1) in the Log4j library used in a large number of java framework-based systems, which facilitates application logging.
This vulnerability allows a malicious user to execute malicious code remotely on the vulnerable platform. Version 2 of Log4j, between versions 2.0-beta-9 and 2.15.0, is affected.
InfoCert, like most enterprise companies that use JAVA as their primary programming language, makes extensive use of it.
Since this vulnerability was made public, a permanent War Room was set up at InfoCert, with all of our DevOps and cybersecurity experts in constant contact, as well as the Service Owners of all of our services, in order to make timely decisions that then allowed us to fully secure the entire IT infrastructure.
To date, there have been many continuous attacks aimed at exploiting this vulnerability, but all have been unsuccessful thanks to the following actions that have been taken promptly:
- constant monitoring of our application logs thanks also to the strategic support of our SOC which manages our SIEM;
- total closure of outbound traffic except for traffic generated by applications recognized by our systems. Thanks to this very quick shutdown we closed the door to all attackers;
- activation of WAF (Web Application Firewall) on all cloud based services, to block at the source incoming http traffic trying to exploit the vulnerability;
- mapping and patching of all libraries considered vulnerable used by our software and third-party software.
We will provide updates as necessary, but at this time we believe our environment is adequately protected against this vulnerability.
If you have any questions, please feel free to contact our support team.