Friday 10th December 2021

[Security notice] Apache Log4j2 Version >=2.0 & <2.15

Affected Systems: Customer Applications

Incident Start: 10.12.2021 17:00

Incident End: 13.12.2021 11:00


Description:

On 10/12/2021 a security alert was published as CVE-2021-44228.

The risk is that a Remote Code Execution (RCE) Format String Lookup Vulnerability can be exploited when using Apache Log4j2 in a version >=2.0 and <2.15.

We have contacted all customers individually who, to our knowledge, are urgently affected by the vulnerability. We also cannot exclude the possibility that a corresponding version is running in your user context due to your own deployment and cannot be identified by us.

**We therefore ask every customer to check their own application for the possibility of being affected by the aforementioned security vulnerability.**

We are happy to assist you within the scope of our possibilities. Please open a ticket in our helpdesk (https://helpdesk.syseleven.de). Outside our service hours, please contact our on-call service by phone in case of emergency.

See also our HelpDesk Article.
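
One way to carry out the check requested above, as an added example that is not part of the original notice or of SysEleven's tooling: it walks a deployment directory, opens every JAR/WAR/EAR (including archives nested inside them), and reports each bundled log4j-core version against the range named in this notice. It assumes the artifact still carries its Maven `pom.properties`; all function names are hypothetical.

```python
import io
import os
import re
import zipfile

# Maven metadata that log4j-core carries inside its JAR.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")


def is_affected(version):
    """True for the range named in this notice: >=2.0 and <2.15.
    Pre-release strings such as 2.0-rc1 are flagged too (conservative)."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return bool(m) and int(m.group(1)) == 2 and int(m.group(2)) < 15


def scan_archive(data, label):
    """Return [(location, version, affected)] for each log4j-core copy in the
    archive bytes, descending into nested JAR/WAR/EAR entries."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # unreadable archive: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                text = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", text, re.MULTILINE)
                if m:
                    v = m.group(1).strip()
                    hits.append((label, v, is_affected(v)))
            elif name.lower().endswith(ARCHIVES):
                hits += scan_archive(zf.read(name), label + "!/" + name)
    return hits


def scan_tree(root):
    """Scan every JAR/WAR/EAR below root on disk."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVES):
                path = os.path.join(folder, f)
                with open(path, "rb") as fh:
                    hits += scan_archive(fh.read(), path)
    return hits


if __name__ == "__main__":
    import sys
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("AFFECTED " if bad else "ok       ") + ver + "  " + loc)
```

A copy that was repackaged without its Maven metadata is not detected, so an empty result does not prove the library is absent.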


Customer Impact:

Possible: Remote Code Execution (RCE) Format String Lookup Vulnerability


Update: 13.12.2021 11:00

We are closing this notification issue. To handle the incident individually, please create a ticket.