Apache Log4j vulnerability – impacting millions of Java-based apps

Apache Log4j vulnerability – impacting millions of Java-based apps


Thought leadership articles by IABM and our members
Articles taken from IABM's journal and at show papers
To submit your article email marketing@theiabm.org

Apache Log4j vulnerability – impacting millions of Java-based apps

Fri 28, 01 2022

Actus intelligent monitoring and compliance platform is not impacted and 100% safe!

The Apache Software Foundation has released an emergency security update to patch a zero-day vulnerability. Companies with servers confirmed to be vulnerable to Log4Shell attacks include the likes of Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, DIDI, JD, NetEase, and possibly thousands more.

The vulnerability, also nicknamed Log4Shell, can be exploited immediately and can have a huge impact. Any Java application that logs data using Log4j is vulnerable. It’s the most popular logging framework in the Java ecosystem and is used by millions of applications.

Actus Digital confirms its software is not exposed to this vulnerability. Actus servers do not use any Java component and are totally safe from this threat.

The vulnerability affects not only Java-based applications and services that use this library directly, but also many other popular Java components and development frameworks that rely on it. This is reported to include: Apache Struts2, Apache Solr, Apache Druid, Apache Flink, ElasticSearch, Apache Kafka and many others. Any server running these applications is susceptible to remote code execution. When a user generates a request that includes an input, and that request gets logged through Log4j, the vulnerability can be easily exploited. Since most applications are built to accept user input, many servers are at risk.

Organizations should immediately review if their apps, especially publicly accessible ones, use this library and should mitigate their exposure as soon as possible.

This is a major issue for security teams: remote attackers can access and control applications and devices if the code is hiding anywhere on an organization’s network. This is especially concerning to larger and more complex environments because they include hundreds of software applications.

Safe with ACTUS  

Actus Digital software-based quality monitoring/alerting, and compliance platforms do not employ any of the susceptible code and are 100% safe from this threat.

This includes the newest version of Actus software that expands the platform with features beyond compliance and technical monitoring.

Introducing Actus L-MAM (Light MAM)

New options for live content tagging and indexing with automated dynamic metadata insertion empowers easy searchability to quickly find relevant content.

For many workflows requiring manual or automated content tagging, search-and-retrieve, and automated publishing… there is no need for expensive MAM

solutions where Actus L-MAM gets the job done at a fraction of the cost.

New Actus L-MAM is simple, fast, powerful, and accessible to everyone in the organization with authorization.

To learn more about the reliable, trusted, secure Actus platform, including:

Quality Monitoring and Alerting,

Compliance Logging,

Content Repurposing with Clip Concatenation and Publishing,

AI-based Workflow Integration,

and now Actus Light-MAM…
please visit www.actusdigital.com




Search For More Content

Latest Posts