The National Cyber Security Centre (NSM) sent out alerts on December 10th via the National Security Authority regarding a highly severe vulnerability in the Java-based logging tool Apache Log4j. 

Log4j is a tool used for logging in applications written in the Java programming language. The tool has been in use for many years by Java-based server applications, and now a highly severe vulnerability has been uncovered in newer versions.

The software is published as open source by the Apache Software Foundation and is used by other software manufacturers and software developers in general in a large number of applications. A vulnerability in the Log4j tool can thus become a vulnerability in the applications that use this tool.

Due to the large number of users of Java-based applications and services, it is easy for attackers to exploit and take full control of those affected.

Our approach to addressing the vulnerability

At Procano, we are checking with all suppliers to ensure they are secure, and we are also scanning all our servers and PCs that we manage to see if Log4j is present anywhere.

In events of such a large scale, we rely on good collaboration with our customers. We recommend all our customers who have other software suppliers and who are directly or indirectly involved in software development to review with their developers and suppliers.

We have conducted a comprehensive investigation of our systems and subcontractors and see that we are currently not affected by the security flaw. We will continue our continuous monitoring of this event and will notify our customers if there is a weakness found in our systems or subcontractors.

Read more about the alert and how it affects software here.

If you have any further questions about Log4j and how it affects you, you can contact us.