We would like to inform all our customers that, immediately following its discovery, we carried out research on our production and development environment in order to verify our exposure to Log4J vulnerability, better described as CVE-2021-44228. We make no use of Log4J in our applications and are investigating third party libraries/products installed in our environments by monitoring constantly the updated list of affected systems:
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
https://github.com/cisagov/log4j-affected-db
All our production servers are protected by the ACSIA Intrusion Detection System, provided by our partner 4Securitas, that has put in place a specific detection mechanism for Log4j vulnerability. ACSIA is able to detect whenever a scanning operation is performed with the aim of ascertainiing if the monitored client is vulnerable or not to Log4j. It will also detect post exploitation activities. We are updating our installation of ACSIA in order to extend this protection to all our exposed servers.
We are at your disposal for any questions or clarification.
Kube Partners – Information Security Office