Apache Log4j Vulnerability

As you may be aware – a vulnerability has been identified within the Apache Log4j tool. It is being tracked under https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228. Log4j is a logging tool created by Apache and widely in use across various organizations.

Our security team has conducted a full impact assessment and have found no evidence of successful exploitation. The only service we host that is vulnerable, and has been patched is our private Unifi controller service.

Customers with managed security services, monitoring and patching services will be scanned for this vulnerability. If you have any questions, please reach out to us.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Huntress Blog: https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java

Published on December 13, 2021