No Log4j vulnerabilities found in DATPROF Software

What is Log4j?

Log4j is a very common Java logging library developed by the Apache Software Foundation. This component allows remote code execution, often from a context that is easily available to an attacker. This makes everyone employing Log4j a potential target for attacks.

The security risk with Log4j, also called CVE-2021-44228 or Log4Shell or LogJam, is being considered one of the most dangerous and most severe risks found in recent years. The vulnerability allows attackers to remotely abuse the rights of web servers, with potentially significant consequential damage. Many large organizations use this component (it affects all versions), making them a potential target.

Information from NCSC (Dutch National Cyber Security Center)

On Github a list is published, containing applications that might be vulnerable due to the vulnerability in Log4j. This list is far from exhaustive and will be supplemented in the coming days with information about applications that are not yet on the list. Cybersecurity company Northwave made a tool available to check if your server is vulnerable. The NCSC refers to the disclaimer in the accompanying text.

Conclusion

We thought it was important to write this update so that DATPROF users could be reassured: DATPROF products do not use the specific log4j component, so there are no vulnerabilities involved. If there is any news, we will keep our customers informed by email. We hope to have informed you sufficiently, but if you have any questions, don’t hesitate to contact us.