Update on Log4j Vulnerability

Last Update: Tuesday, January 11, 2022

Log4j

On December 9th, and 14 respectively, two vulnerabilities affected the open-source library Apache Log4j. The vulnerability has been given a CVSS (common vulnerability scoring system) score of 10, a  critical severity rating.

Later that month, two other vulnerabilities impacting the same library have been reported.

For more information regarding the vulnerabilities and the systems that they have affected, please visit the National Vulnerability Database:

• CVE-2021-44228
• CVE-2021-45046
• CVE-2021-45105
• CVE-2021-44832

Response from Concord

• Concord is aware of the issue and continues to monitor all affected systems closely. All services have been patched or protected against all vulnerabilities.
• All vendor services used by Concord have investigated the vulnerabilities and have not reported a security breach.
• Concord continues to monitor the situation closely and identify all potential attack vectors that could be used to exploit these vulnerabilities. To date, there are no traces of a security breach or incidents affecting Concord.

We will continue to keep customers updated on the situation, and thank you for your continued trust and use of our product. If you have any additional questions, please reach out to support@concordnow.com.