The majority of The Access Group’s products are .NET and this vulnerability (CVE-2021-44228) relates to Java-based applications that use Log4j 2 versions 2.0 through 2.14.
Only 3 Access products were identified as using the Log4j library and have now been patched.
As a precaution, we have scanned our public-facing estate to look for this vulnerability and that has come back negative. In addition to this, we have next-gen firewalls that block this attack in transit and XDR/EDR systems that detect and block any IOCs discovered on our hosts.
We have identified third-party products in-use that may be vulnerable; however, these are internally facing only, and remediation will be scheduled as it becomes available.
If you have any additional questions or queries regarding this, Please raise a new case online and reference the title of this article.
Log4J vulnerability statement
In this article, we explain the Log4J vulnerability statement.
B
Written by Billy Dilks
Updated over 5 months ago