SecureAuth security advisory - Apache Log4j vulnerability
December 14, 2021
SecureAuth (formerly Acceptto) is aware of the Log4j vulnerability announced on December 9th. Information about a critical unauthenticated RCE vulnerability (CVE-2021-44228) that affects Java logging package log4j was tweeted, and a proof-of-concept (PoC) were posted on GitHub. This vulnerability could allow attackers full control of the affected server if a user-controlled string is logged. Since it is so easily exploited, the impact of this vulnerability is severe. The vulnerability is already being actively exploited in the wild.
Neither of the Acceptto products, It’sMe mobile app and eGuardian, are using the Log4j module. There is no action required by our customers.
Bil Harmer CISSP, CISM, CIPPCISO & Chief Evangelist | SecureAuth |secureauth.com | 650.303.9638