Difference between revisions of "Log4j"

From E-fileWiki
Jump to navigation Jump to search
Line 8: Line 8:


'''Current Situation:'''  
'''Current Situation:'''  
The security of Fundsquare’s products (available on e-file.lu and fundsquare.net) and our customer’s safety is a top priority. In response to this vulnerability, Fundsquare has taken immediate action to proactively address any critical vulnerability affecting our products and solutions containing the Log4j software library.  
The security of Fundsquare’s products (available on e-file.lu and fundsquare.net) and our customer’s safety is a top priority. In response to this vulnerability, Fundsquare has taken immediate action to proactively address any critical vulnerability affecting our products and solutions containing the Log4j software library.  



Revision as of 08:21, 14 December 2021

Fundsquare’s Response to CVE-2021-44228 Apache Log4j


Updated 14 December 2021 07:00 CET (GMT+1). We will continue to update this page as more information becomes available.

On 9 December 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell”. This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. Apache Log4j is java software widely used by many companies for logging purposes. It is often included or bundled with third-party software packages. This vulnerability exists in Log4j versions 2.0 through 2.14 and if exploited, allows an attacker the ability to remotely access and control systems where the software resides.


Current Situation:

The security of Fundsquare’s products (available on e-file.lu and fundsquare.net) and our customer’s safety is a top priority. In response to this vulnerability, Fundsquare has taken immediate action to proactively address any critical vulnerability affecting our products and solutions containing the Log4j software library.

Upon notification of the Log4j vulnerability report our Security Team initiated investigations in accordance with our incident response processes. Fundsquare followed the guidance issued to all Log4j customers in addition to following our internal processes for investigation, forensics analysis, and threat mitigation. Fundsquare will continue to remain vigilant regarding all aspects of this challenging and evolving situation.

At this time, there have been no successful exploits observed in Fundsquare products, solutions or in the Fundsquare environment. This page will be updated on an ongoing basis to reflect most current status.

Fundsquare also plans to provide answers to common questions on this webpage. It should be considered the single source of current, up-to-date, authorized, and accurate information from Fundsquare.

Should you require additional information, please do not hesitate to contact our Client Service and Operations Desk at cso.desk@fundsquare.net