Log4J Vulnerability

Posted on 15 Dec 2021
Post By Colin Tinto
Minute Read

On Friday, December 9, 2021, a new vulnerability was disclosed in the Apache Log4j module. This was officially identified as CVE-2021-44228, and was unusual in that it was both easy to exploit and very common across the Internet.

Immediately after the disclosure, the CitNOW engineering team checked all the production systems and confirmed that Log4j is not in used on any CitNOW production servers. Log4j is commonly used in Java applications, and the CitNOW systems are not written in Java.

Shortly after the disclosure, the CitNOW compliance started the process of contacting all of our third party suppliers to establish if they are affected. This process is ongoing, but as of Tuesday 14th December, no third parties have declared that they remain vulnerable, or that they had any evidence of any attack.

For further reassurance, the CitNOW engineering team also ran a recently released penetration test to check for the vulnerability and nothing was found.

Go Back

Twitter
LinkedIn
Email
Twitter

Log4J Vulnerability

Log4J Vulnerability

On Friday, December 9, 2021, a new vulnerability was disclosed in the Apache Log4j module. This was officially identified as CVE-2021-44228, and was unusual in that it was both easy to exploit and very common across the Internet.

Related News & Events

CitNOW Workshop and Conversations integrated into My BMW and MINI App to enhance customer communication

Connect with us at AM Live, 9th November, Birmingham

Introducing Seamless Workshop Video Functionality and Reporting with Salesforce Integration

Find Out More

Learn how we can improve your customer engagement. Get in touch with us today

Address