Apache Software Security Advisory (Notified's status update is in comments)

Apache Software Security Advisory (Notified's status update is in comments)

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

1 comment
  • Apache Software Security Advisory:

    Notified has been actively tracking the Apache Software security advisory to address a remote code execution vulnerability, known as Log4Shell (CVE-2021-44228), affecting Log4j versions 2.0-beta9 to 2.14.1. Following the recommendations from the Cybersecurity & Infrastructure Security Agency (CISA), Notified has taken the following actions:

    1. Our vulnerability scanning program operates on a 24-hour cycle across our entire perimeter. No external instances of Log4Shell have been enumerated.

    2. The Notified SOC has elevated the priority to any Apache related system regardless of the presence of Log4Shell.

    3. The perimeter WAF has been updated to actively block the Log4Shell vulnerability following the guidance of the manufacturer.

    4. We are actively monitoring threat feeds and information provided by software manufacturers to validate our on-premises and cloud-based software is updated if appropriate.

    At this time Notified is not aware of any compromise or exploits of this vulnerability being applied to our applications, products, or infrastructure. Should there be any changes we will updated our partners and customers as appropriate.

    CISA Statement https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

    0
    Comment actions Permalink

Please sign in to leave a comment.