Log4j or “log4shell” Security Vulnerabilities Investigation and Remediation Updates
Based on our investigation, the Log4j or “log4shell” security vulnerabilities have not been exploited in our applications. Our application code has been upgraded to resolve concerns with Log4j.
We have detection and monitoring in place, as part of our continuous security program, to alert us to any potential exploitation attempts.
About log4j:
For detailed information about “log4j” or “log4shell”, including the CVE-2021-44228 security vulnerability, please visit: https://logging.apache.org/log4j/2.x/
Completed Current Investigation and Remediation Effort:
Final Update: January 10, 2022, 2pm EST
Based on our investigation, the Log4j or “log4shell” security vulnerabilities have not been exploited in our applications. Our application code has been upgraded to resolve concerns with Log4j.
Updated: January 3, 2022, 12pm EST
“Log4j” CVE-2021-44228 security vulnerability
BetterCloud Application
We have completed an analysis to identify the places where the “log4j” CVE-2021-44228 security vulnerability may exist within our applications. We have released code to mitigate and fix most of those instances, and for the remaining instances we have either created workarounds to mitigate and monitor the vulnerability or are actively working to fix it. We are continuing to monitor our environment to ensure everything is working as intended and there are no other vulnerabilities.
Vendors
We are continuing to reach out to our vendors to assess the impact. We are not currently aware of any vendor who has been impacted and has not already remediated or is not actively remediating the vulnerability within their environments.
“Log4j” CVE-2021-45046 security vulnerability
BetterCloud Application
Our current analysis of our application indicates that our configurations have not been impacted by this vulnerability. We are proceeding in accordance with our vulnerability management policy for its remediation. Our application code is now upgraded to version 2.16.
Vendors
We are continuing to reach out to our vendors to assess the impact. We are not currently aware of any vendor who has been impacted and has not already remediated or is not actively remediating the vulnerability within their environments.
“Log4j” CVE-2021-45105 security vulnerability
BetterCloud Application
Our current analysis of our application indicates that our configurations have not been impacted by this vulnerability. We are continuing to monitor new developments for this vulnerability, and are proceeding in accordance with our vulnerability management policy for its remediation.
Vendors
We are continuing to reach out to our vendors to assess the impact. We are not currently aware of any vendor who has been impacted and has not already remediated or is not actively remediating the vulnerability within their environments.
“Log4j” CVE-2021-44832 security vulnerability
BetterCloud Application
Our current analysis of our application indicates that our configurations have not been impacted by this vulnerability. We are continuing to monitor new developments for this vulnerability, and are proceeding in accordance with our vulnerability management policy for its remediation.
Vendors
We are continuing to reach out to our vendors to assess the impact. We are not currently aware of any vendor who has been impacted and has not already remediated or is not actively remediating the vulnerability within their environments.
Contact Us:
If you have any questions, please contact us at security@bettercloud.com