

CVE-2021-44228 (Log4j vulnerability) Update

Solera’s Security and Global IT Operations teams are continuing to work to ensure that Solera systems are protected against, mitigated against, or remediated from any impacts related to CVE-2021-44228 (Log4j vulnerability).

Depending on the products and their related services, some servers may have operated Log4j versions specified within the security bulletin. All known instances of these components have been addressed by one or more of the following methods:

  • Disabling/removal of Log4j

  • Removal of the JndiLookup class from the classpath

  • Updating systems to versions not impacted by CVE-2021-44228

  • Updated endpoint protection agent to block exploit execution

In addition, as CVE-2021-44228 continues to evolve, our dynamically updated endpoint protection has been configured to monitor for any potential attempt to probe or exploit this vulnerability. In the event of such an attempt, the endpoint protection agent is designed to stop the exploit, alert our 24-hour response teams and, if necessary, isolate the system so that it can then be promptly reviewed and, if necessary, remediated.