Highly Critical Zero-Day Vulnerability in Java Library Log4j (CVE-2021-44228)
13th December 2021
Last weekend, a zero-day vulnerability in the Java library Log4j was published along with exploit code. This vulnerability is highly critical because it can be exploited in a very simple way.
For further information, please refer to the warning issued by the BSI, which has declared the highest IT threat level, 4/red.
As a precaution, VIVAVIS has taken all hosted customer systems, ticket systems and other applications offline.
In all VIVAVIS sectors, evaluations are currently underway to determine to what extent the products themselves or third-party components used by VIVAVIS are affected by the vulnerability.
The control systems supplied by VIVAVIS are located in a secure network zone and are protected by firewalls. According to the manufacturer, the primary firewall we use, i.e. Sophos SG UTM, is not affected (see link).
Furthermore, we recommend that you disconnect all systems that are not absolutely necessary for maintaining business operations from the internet and from potentially insecure network areas.
We will keep you informed, as soon as possible and on an ongoing basis, about the current status of the evaluations and about recommended measures.
If you have further questions or require technical support, please do not hesitate to contact our Customer Center.