Last week a security vulnerability in the Apache Log4j 2 library was publicised. The vulnerability has been given the formal title of CVE-2021-44228, but is also being reported using the terms Log4Shell and LogJam.
This vulnerability can, under specific circumstances, allow a malicious third party to execute code on a remote server which is running an unpatched version of Log4j, potentially giving the attacker remote control of the server.
For a system to be vulnerable, all four of the following conditions must apply:
- The system has to be coded in Java
- The system is not using the Java Security Manager
- The Java-based software system is exposed to and accepts input from the public internet
- The Java-based software system uses Apache Log4j 2 to undertake logging
None of Kamma’s platform or services, in our production, integration, staging or development environments, are coded in Java, and thus we would like to reassure all our customers that, as a company, Kamma is unaffected by this vulnerability.
However, if you would like to discuss this in greater detail or require any further information, please contact us at support@kammadata.com.