Does the Log4j security vulnerability pose a risk to my RecTrac applications?
Problem
Does the Log4j security vulnerability pose a risk to my RecTrac applications?
Solution
The following communication relates to the recently discovered Apache Log4j Remote Code Execution Vulnerability, CVE-2021-44228. This critical vulnerability was identified on Thursday 12/09/2021 and impacts a commonly used Java library named Log4j.
Vermont Systems has undertaken an initial review of both its corporate network and its various product offerings to assess the impact of the vulnerability. We have prepared the following information for our customers, both hosted and on-premises:
Hosted:
At this time, we have identified no impact to our hosted services. Impacted versions of Log4j are not currently in use by our Vermont Systems application suite or platform.
As an additional benefit of being a hosted customer, traffic to our services is inspected by a Web Application Firewall (WAF). New rule sets were in place by 9:15 AM ET on 12/10/2021 that immediately began providing protection by blocking any inbound traffic matching the Log4j exploit patterns, preventing exploit attempts against this zero-day vulnerability from even reaching our hosted networks.
On-Premises:
At this time, we have identified no impact to our on-premises application offerings. Impacted versions of Log4j are not currently in use by our Vermont Systems application suite or platform.
The security of our products and network is a top priority, and we will continue to communicate any additional updates or mitigations as necessary.