Log4j zero-day vulnerability AKA Log4Shell (CVE-2021-44228)

14th December 2021


Overview

The Apache Log4j project, in a security advisory published on Thursday, December 9, 2021, disclosed a critical security vulnerability that results in remote code execution. 

What CyGlass products are affected?

The CyGlass SaaS service does not have any Internet facing components that use Log4j.

CyGlass Web and API servers, Collectors and Log Agents are not impacted by this vulnerability since they do not use log4j as their logging framework.

CyGlass is reviewing and patching all affected internal 3rd party applications and services as part of its incident response process. Even though these components don’t have direct access from the internet, we will patch these components as they become available.

Contact us at support@cyglass.com with any questions.