On December 10th, a new software vulnerability (published as CVE-2021-44228) was discovered affecting a well-known Java logging library (Log4j). Because of the ease of exploiting this vulnerability, as well as the potentially large impact on confidential information (depending on how this Java component is implemented), the vulnerability was rated as “critical” by all the security industry’s vulnerability watchers.
On December 10th, the LOGEX Infrastructure & Security team was able to conclude that none of the deployed LOGEX applications (including LOGEX Costing, Prodacapo Costing, Ecomed, and DRG) were affected by the vulnerability, meaning that at no time was confidential information from LOGEX clients at risk of being unlawfully disclosed.
For more information, feel free to reach out to our Information Security Officer, Laurens van Oijen.