As has been widely reported in the press in recent days, a new vulnerability (referred to as CVE-2021-44228) has been discovered in the Apache Log4j library. The Apache Log4j library is widely used by many companies of various sizes and in different sectors. The vulnerability may be exploited to allow unauthorized users to potentially access and take control of remote systems of Apache Log4j users. Adform, among other global organizations, was subject to this potential vulnerability. For more information on this, please see the recent press articles below.
At Adform, we became aware of this vulnerability on Friday, 10th of December. Since then, Adform's internal security teams, together with external security consultants, have been actively investigating and working on implementing mitigating measures to counteract this issue.
Today we can confirm that our external consultant PaloAlto has already conducted the necessary and appropriate updates to our systems, which as a result mitigated the security risk. Therefore, we are now confident that the security risk caused by this external vulnerability is minimal.
Nevertheless, we continue to monitor the situation to ensure that we can mitigate any possible risks related to this vulnerability in a timely manner.
Please further note that the Log4j vulnerability is in no way related to the recent cyber security incident that affected Adform’s internal IT systems on December 8th, 2021. More information regarding the cyber security incident can be found here.
--------------------------------------------
Recent Press Articles Related to the Log4j Library:
https://edition.cnn.com/2021/12/11/politics/dhs-log4j-software-flaw-warning/index.html