From Bjumper, we are always concerned about the security of our solutions. Today, we want to address the latest major security threat that many of the big players in the IT world are facing, and which you have probably read about in specialized and general news: Log4jShell (CVE-2021-44228).
This zero-day vulnerability is rated 9/10 - Critical. It is a vulnerability that affects the Java Log4j logging library, developed by Apache, and is widely used in all kinds of services and software.
PTo learn more about it, in addition to the numerous articles that have been published, we recommend checking the latest updates on this vulnerability and others related to it on the official CCN page: https://www.ccn-cert.cni.es/seguridad-al-dia/alertas-ccn-cert/11462-descubierta-nueva-vulnerabilidad-asociada-a-apache-log4j-2.html
As part of the CVE-2021-44228 vulnerability, we have identified the CVE-2021-45046 vulnerability, as well as another one (CVE-2021-4104) related to and exploitable on Apache Log4j 1.x
At Bjumper, after reading and analyzing the threat, we contacted our manufacturers and can report that the DCiM solutions we market and implement are not affected by this threat.
We will remain vigilant for any new developments and potential threats. The bad guys don't rest, but neither do we!!
