Log4Shell, a new vulnerability, is being hailed as one of the worst cybersecurity flaws ever discovered. According to several reports, hackers are already testing exploits for this vulnerability, which grants them access to an application and could potentially allow them to run malicious software on a device or servers.
What is Log4j?
The Log4j framework is used by software developers to record user activity and application behavior for later review. It is distributed for free by the nonprofit Apache Software Foundation. Log4j has been downloaded millions of times and is one of the most widely used tools for collecting data across corporate computer networks, websites, and applications.
What is Log4j’s vulnerability?
A vulnerability in Log4j allows attackers to remotely execute code on a target computer, allowing them to steal data, install malware, and take control. Some cybercriminals have installed software that mines cryptocurrency using a hacked system, while others have created malware that allows attackers to take control of computers and launch large-scale attacks on internet infrastructure.
Is Vembu BDRSuite vulnerable?
The answer is NO!.
Despite the fact that BDRSuite’s products use the Apache web server, the log4j vulnerabilities only affect Java-based web servers. The BDRSuite users do not need to be concerned as the BDRSuite does not use a java-based web server in its products.
If you’re still concerned about Log4j, we recommend deleting all Log4j related files from the BDRSuite components installation directory. Removing the Log4j related files does not affect further backup or recovery operations.
Refer to the following KB article for instructions on removing Log4j-related files from the BDRSuite installation directory. https://www.bdrsuite.com/support/knowledge-base/question/115130/log4j-vulneurability-fix/
Wrapping up
Organizations must prioritize reducing exposure by patching and mitigating all aspects of their infrastructure, as well as investigating exposed and potentially compromised systems. To protect yourself, we recommend you examine your systems for any vulnerabilities and update them to the latest version. Contact your service provider or software vendors for the latest security patch.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.
