Apache log4j vulnerability

Posted by Nick Jacobs on 16 Dec

winman-news

Following the disclosure of the Apache Log4j 2 (CVE-2021-44228) vulnerability, we would like to reassure all of our users
that none of the WinMan products or services use Apache Log4j.


What is Apache Log4j 2?

Marketing-HS-News-Apache Log4j 2 (CVE-2021-44228) vulnerability-2021-12

It’s referred to as “Log4Shell” and is a logging library widely used or directly embedded in open-source business system development software, affecting Java-based applications from versions 2.0 to 2.14.1.

Where is the vulnerability?

It’s in a Java library, which means it can affect many platforms including Windows, macOS and Linux. Advice, linked below, advises you to contact all vendors to ensure they are running the latest version.

How to safeguard against the vulnerability?

The issue reported is that the library is failing to validate incoming data.
So Microsoft has released two new versions 2.15 and 2.16, the first tackles the security issues and disables the Java library’s default exploitability
functionality, via JNDI message lookups. The second, version 2.16 disables all support by default and removes the message lookup entirely as an extra precaution.

If you have systems outside of WinMan ERP which may be affected, please have the provider of those services follow the steps outlined
in the official Microsoft blog here.

Topics: WinMan News

Sign up to our newsletter

The information contained in this website is for general information purposes only. The information is provided by WinMan and whilst we endeavour to keep the information up-to-date and correct, it is subject to change or withdrawal at any time. Personal details: When you request further information about WinMan, subscribe to our blog or leave a comment we collect personal details from you, including information such as your name and address. This information is needed in order to satisfy your request however the majority of this data we request is not compulsory and may be omitted if desired. For more information please see our full privacy and cookies policy.

WinMan's Covid-19 Service Update...

Get in touch

Call today:

844 532 6377

Mon - Fri 8.30AM - 5.00PM


or submit an enquiry: