As many have noticed, critical vulnerabilities were recently discovered in a commonly used software library called "Log4j2". Let's take a look at what's happening.
Understandably, we have received questions from our customers and partners about whether Membrain has been affected by this. We'd like to share some information on what the incident is about and what it means, and to clarify that Membrain is unaffected by this vulnerability.
The team here at Membrain is aware of the situation related to the newly discovered security vulnerability connected to "Log4j2" (CVE-2021-44228). We will continue to update this post as the issue develops.
Let's get the most pressing concern out of the way before we dive into more detail:
- Membrain does not use Log4j2 as a logging tool.
- As software, Membrain is not susceptible to or affected by this vulnerability.
- Your data in Membrain remains safe.
So let's take a closer look at what this is all about.
What is Log4j?
Log4j is a widely used library for logging in software applications (for example, for error messages and similar). It is used in enterprise software applications, including custom applications developed in-house by businesses, and forms part of many cloud computing services.
Essentially, it's a practical and time-saving resource that spares software developers the effort of building these types of tools internally. As a policy, we at Membrain, for this very reason, try to minimize any dependency on third-party components to ensure the security and integrity of our customers' data.
What is the vulnerability?
On December 9, 2021, the vulnerability CVE-2021-44228, also known as Log4Shell, was reported (more details safely accessible here). It could allow a system running Apache Log4j 2 version 2.14.1 or below to be compromised, because it permits Remote Code Execution (RCE): attackers can execute arbitrary code on the host (more technical information safely accessible here).
So what does that mean?
Remote Code Execution essentially means that an attacker has the ability to send and run anything they want on your system, effectively giving them full access to all your data.
This gives hackers a wide array of ways to cause harm, including stealing system credentials, gaining deeper access within compromised networks, and stealing data. This issue is a monumental event that you will likely hear more about in news outlets for months, if not years, to come.
Is Membrain affected?
No. Membrain does not utilize this library. Our customers can be confident that they can safely use Membrain, and that the safety and security of your data is and always will be a critical priority for us.
Our technical team will continue to review and monitor any updates as they relate to this ongoing issue in the software world.