Log4j – one of the most dangerous vulnerabilities in the last few years!
Log4j allows access to server
iQ.Suite is not vulnerable
Log4j has become unusually popular in the last several days, unfortunately for the wrong reasons. On the 9th of December, a critical vulnerability was discovered in the Apache Log4j logging library – CVE-2021-44228.
This vulnerability scores 10 out of 10 on the CVSS (Common Vulnerability Scoring System) scale. Combining the huge adoption of Apache with the high severity of the vulnerability, we are facing one of the most impactful exposures of the last several years. The vulnerability (also known as Log4Shell) allows remote code execution and access to servers.
Researchers have warned that attackers are already scanning the internet for vulnerable instances, and Check Point even claims to detect around 100 scan attempts per minute.
The first thing to do is check whether your servers use Log4j and, if so, apply the latest patches and updates.
Note that iQ.Suite is not vulnerable to this exploit. You do not need to take any additional measures to secure the iQ.Suite platform. However, do take this opportunity to upgrade. We have introduced many improvements, security patches and features that are available for you to download.
Here you can find information about our latest versions and release notes:
iQ.Suite Domino
iQ.Suite Exchange
iQ.Suite KeyManager
If you want to receive regular updates on such news, please subscribe to our Newsletter.
More information on this vulnerability is available here:
https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://logging.apache.org/log4j/2.x/security.html