Here’s a summary of how EngagementHQ is ensuring rapid response and mitigation regarding the Java Log4j RCE vulnerability, to keep customer content and data secure.
Status of Response and Mitigation
- No action required from customers.
- EngagementHQ's stack is Ruby on Rails with some JavaScript/Node services.
- None of our applications are written in Java or use Log4j.
- EngagementHQ is performing an audit of all dependent third-party services. If any dependent service is identified that uses Log4j, mitigation measures will be taken immediately and outlined in an update to this article.
What is Log4j RCE?
A 0-day exploit in the widely used Java logging library log4j was discovered that results in Remote Code Execution (RCE). Given how ubiquitous this library is, the impact of a successful exploit (full server control), and how easy it is to trigger, this vulnerability is severe. The attack surface is very wide, since it is almost impossible to find a Java project that does not use log4j. It also affects Java-based internal services and APIs that log data received from other APIs and applications.
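The audit described above starts with knowing where log4j-core is actually packaged. The script below is an added example written for this article, not EngagementHQ's own tooling: it walks a directory tree, opens every `.jar`/`.war`/`.ear`/`.zip` as an archive (one level of nesting, so `WEB-INF/lib/*.jar` inside a `.war` is covered), and reports archives that carry log4j-core's Maven `pom.properties` or its `JndiLookup.class`, together with the declared version. The fixture it builds under `build_sample_tree` is constructed sample data (the version string `2.14.1` in it is a constructed value), and the function names are this example's own. Presence of the class is a triage signal for manual review, not a verdict on a specific version.

```python
"""Inventory check for log4j-core archives in a directory tree (added example)."""
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional

# Paths log4j-core ships inside its jar; used as markers for triage.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    path: str                 # archive path; nested archives shown as outer!inner
    version: Optional[str]    # version from pom.properties, None if absent
    has_jndi_lookup: bool     # JndiLookup.class is packaged in this archive


def _parse_version(props: bytes) -> Optional[str]:
    """Pull the 'version=' key out of a Maven pom.properties file."""
    for line in props.decode("utf-8", errors="replace").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "version":
            return value.strip()
    return None


def inspect_archive(zf: zipfile.ZipFile, label: str, depth: int = 0) -> List[Finding]:
    """Report log4j-core markers in an open archive; descend one level into nested archives."""
    names = set(zf.namelist())
    findings: List[Finding] = []
    has_jndi = JNDI_LOOKUP_CLASS in names
    has_pom = POM_PROPERTIES in names
    if has_jndi or has_pom:
        version = _parse_version(zf.read(POM_PROPERTIES)) if has_pom else None
        findings.append(Finding(label, version, has_jndi))
    if depth == 0:
        for name in sorted(names):
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                try:
                    inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
                except zipfile.BadZipFile:
                    continue  # not a real archive despite the suffix
                findings.extend(inspect_archive(inner, f"{label}!{name}", depth + 1))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Walk a directory tree and inspect every archive-like file in it."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(full) as zf:
                    findings.extend(inspect_archive(zf, full))
            except zipfile.BadZipFile:
                continue
    return sorted(findings, key=lambda f: f.path)


def _sample_log4j_jar_bytes() -> bytes:
    """Constructed stand-in for a log4j-core jar: marker paths only, no real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
        zf.writestr(POM_PROPERTIES,
                    b"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion=2.14.1\n")
    return buf.getvalue()


def build_sample_tree(root: str) -> None:
    """Constructed fixture: a loose log4j-core jar, a war nesting it, and a benign jar."""
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, "log4j-core-sample.jar"), "wb") as fh:
        fh.write(_sample_log4j_jar_bytes())
    with zipfile.ZipFile(os.path.join(root, "app-sample.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-sample.jar", _sample_log4j_jar_bytes())
    with zipfile.ZipFile(os.path.join(root, "other-lib.jar"), "w") as zf:
        zf.writestr("com/example/Util.class", b"\xca\xfe\xba\xbe")


def demo_scan() -> List[Finding]:
    """Build the constructed fixture in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="log4j-audit-")
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()
    for f in results:
        print(f"{f.path}: log4j-core version={f.version} jndi_lookup={f.has_jndi_lookup}")
```

Run it with a path to a deployment directory or a vendored dependency cache; with no argument it scans the constructed fixture. The benign jar produces no finding, while both the loose jar and the one nested inside the war are reported with their declared version, which is the list an audit would then compare against the vendor's fixed releases.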