A high severity vulnerability, (CVE- 2021-44228), impacting multiple versions of Apache Log4j utility, was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions- 2.0 to 2.14.1. Find the details of this vulnerability documented here: https://logging.apache.org/log4j/2.x/security.html
We have patched all the exploitable vulnerabilities related to the Log4j issue in our Almabase services. Some of our cloud services have third-party components that could be potentially vulnerable and we are working with the vendors/service providers to ensure that these are patched. We have found no evidence of any exploitation of this vulnerability in our environment as of 16th Dec 2022. We are continuing to analyse the issue and will provide updates on any new findings.
Please be rest assured that there is no cause to worry for Almabase users.
Head of Engineering @ Almabase.