Several critical Log4j vulnerabilities have been announced by Apache. What follows is a status of the impact of those vulnerabilities within our products and services. The information is drawn from partner websites and ongoing conversations with those vendors. We are constantly monitoring this situation and will keep this information updated periodically. If you have a question about a specific product, whether it is listed in the attachment or not, please contact your service delivery manager, account representative, or contact support.
Log4j is a software library, published and maintained by the Apache Foundation, which is used as a component logging framework inside other IT products and software.
There are four vulnerabilities detailed here: https://logging.apache.org/log4j/2.x/security.html?s=09
Thousands of commercial and open-source IT products are affected by these vulnerabilities. More information, including lists of affected products, and guidance on how to mitigate the vulnerability and detect exploitation, are available from the US Cybersecurity & Infrastructure Agency (CISA) at https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance. Additional resources:
CISA’s list of affected software: https://github.com/cisagov/log4j-affected-db
NCSC’s list of affected software: https://github.com/NCSC-NL/log4shell/tree/main/software
CIS’ flowchart on this advisory: https://www.cisecurity.org/log4j-zero-day-vulnerability-response/
CBTS has undertaken an initial review of our products and services and is mitigating vulnerabilities as remediations become available.
If you have a question about a specific product, whether it is listed in the attachment or not, please contact your service delivery manager, account representative, or contact support.
Please contact your service delivery manager, account representative, or contact support.
If you need additional help within your IT environment, our security experts are here to help assist. Please visit https://www.cbts.com/security/ to request support.