Important: Log4j Vulnerability

Posted on 16 December, 2021

Dear Customers and Partners,

You may have heard in the news that there has been a recent discovery of a zero-day vulnerability named “Apache Log4j Remote Code Execution”, also known as “Logjshell”.

Essentially the vulnerability could potentially allow an unauthorised user to gain access to a system, prior to authentication. For that reason, the vulnerability potentially has serious consequences and is therefore considered a high-security risk.

For more details, you can view the security log for Apache here: https://logging.apache.org/log4j/2.x/security.html

Also, the below links will take you to the National Cyber Security Centre’s pages on this issue here:

www.ncsc.gov.uk/news/apache-log4j-vulnerability

www.ncsc.gov.uk/information/log4j-vulnerability-what-everyone-needs-to-know

Boston strongly recommends customers take immediate precautions against this vulnerability by patching affected products to the update Log4j2 version 2.15.0.

We further suggest following industry best practices including those published by Apache (Apache Log4j Remote Code Execution) and seek industry qualified, technical advice prior to taking such actions.

Some customers may be understandably concerned that there could be Log4j exposure within their infrastructure which Boston has supplied. Subsequently, our team has been working hard to check in with our vendors and customers this in-depth.

Our partner Supermicro has already released the below statement regarding an affected software package which they supply - Supermicro Power Manager (SPM) - www.supermicro.com/en/support/security/Apache_log4j2

So far, we believe may be the primary (possibly only) product affected in this case but please do check your own products and infrastructure carefully.

Boston will continue to review and assess the Log4j vulnerability, and we will update this page with further information as and when it becomes relevant to do so.

If you have any enquiries or would like to talk to our team, you can call us on 01727 876100 or email [email protected].

Legal Information

This advice is not representative of any specific situation and is intended as general notification only. All users of this information should acquire industry certified advice for their specific environment and technology products before taking action. Boston Limited shall in no way be liable for any compensation derived from or related to any information contained within this page, or actions that any users take based on this information. This is including but is not limited to: direct, indirect and/or consequential losses. This notification is applied to the extent permissible under UK law.

Tags: security, log4j, awareness, apache

RSS Feed

Sign up to our RSS feed and get the latest news delivered as it happens.

click here

Test out any of our solutions at Boston Labs

To help our clients make informed decisions about new technologies, we have opened up our research & development facilities and actively encourage customers to try the latest platforms using their own tools and if necessary together with their existing hardware. Remote access is also available

Contact us

Enterprise optimierte Storage Systeme, Hocheffizient, Zuverlässig und optimiert für SDS

Latest Event

Enterprise optimierte Storage Systeme, Hocheffizient, Zuverlässig und optimiert für SDS | 4th - 4th February 2022, ONLINE

Boston Storage-Lösungen bieten Kunden, die mit CPU-intensivem Storage, virtuellem Storage, Single-Instance Storage und Datendeduplizierung, Datenreplikation und Business Continuity sowie Virtual Tape Library Kundenumgebungen arbeiten, mehrere entscheidende Vorteile.

more info