FibriCheck is aware of the Log4j zero-day vulnerability in the Java logging framework. This vulnerability is being tracked as CVE-2021-442281/2 and currently has the highest severity score [10/10]. Therefore our technical team immediately started an internal investigation, on Saturday, December 11th.
The team confirms that customers and their data are currently not affected by this vulnerability.
During this investigation we have confirmed that although Java is used in our application, none of the services of FibriCheck are currently using Log4j as its logging mechanism. The CVE3 does not have an effect on the FibriCheck codebase and remediation is not needed.
We are currently monitoring all our 3rd party service suppliers to ensure that their services are also not impacted and are patched immediately where needed.
If you need additional details or assistance, please contact the FibriCheck technical support team at support@fibricheck.com.
At FibriCheck, we have always had and continue to have the highest standards when it comes to customer data security.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- CVE is the common term that stands for “Critical Vulnerability and Exposures”
Created on December 14th, 2021 at 01:07 pm