On December 9th, news surfaced about a vulnerability discovered in a Java logging library. This coding tool has been used to build a huge number of the most popular web-based applications over the past several years. Basically, the bad guys have figured out a way to use the building blocks of Java coding against you. If interested, you can read a more technical explanation of the vulnerability here:
Special Note:
This is an application-specific vulnerability, not something within your network. You must start working with your software vendors now to address this issue and limit any potential exposure.
MapleTronics' Response:
At this time, MapleTronics is actively working with our internal application vendors to ensure that we are not exposed to this vulnerability. Our internal security response team has taken some initial steps to limit exposure based on the feedback we have received from our vendors.
Recommended Client Action
- You should begin reaching out to your application and software vendors, especially cloud-based software vendors, for guidance on this vulnerability starting now.
- You should check with any of your web developers regarding this vulnerability on their web sites.
Questions You Should Be Asking Your Software Vendors
"Is your application vulnerable to the Log4j exploit?" (Yes, No, Unsure / Figuring it out)
- If their answer is “Unsure”, ask: “Do you have a timeline regarding when you expect to have an answer?”
- If their answer is “Yes”, ask:
  - Cloud-Based Application - "When do you expect to have the issue remediated?"
  - On-Premise Application - "What guidance do you have?"
  - If this application is exposed to the internet - "Should we remove public access to this application?"

Make sure to have any remediation steps documented.
If you don't get good answers to the questions above, please reach out to your MapleTronics CRM or service team for guidance on next steps and options.
We will continue to monitor the situation and post updates as new information is received.