Attention: Federal Office warns about massive and dangerous IT security vulnerability “Log4j”
Log4j is a framework for logging application messages in Java. Within many open source and commercial software products, it has become a de facto standard over the years. Log4j is considered a pioneer for other logging frameworks, even in other programming languages.
What does this mean in plain language?
Currently, hackers from all over the world are trying to scan systems accessible from the Internet to detect the vulnerability. Our customers and we ourselves will also be affected by these scans.
The above technology is used by just about every major software vendor in some of their products: VMware, Cisco, Unifi, SAP, and many more.
If the vulnerability is found, it can be exploited to execute unrestricted code on the target system. This means an attacker can do whatever they want with the system, e.g. copy the complete customer database, steal patents or spy out access data, for example for online banking.
CosH’s IT security team has been busy analyzing the vulnerability since Sunday.
The most important thing is that you and your colleagues remain calm.
- Analysis of security logs from firewall and endpoint security
- If we suspect or find an incident, we will contact you proactively by phone
- We discuss the next steps by phone
This is how you can check via your vendor whether your software uses Log4j:
- Open Google
- Enter the following CVE code + the name of your software, e.g. CVE-2021-44228 SAP
- If the manufacturer already has information about the vulnerability, you will find something about it on the website.
- Follow the information and order the installation of updates for your software
- If you do not find any information, try again the following day
- If you have not found any information after 7 days, you should contact your system vendor by email and explicitly ask if the Log4j framework is used in your software.
Here are some things you might want to check:
ERP System, CRM System, Banking Software, Time Recording Software, Accounting Payroll Software, Document Management Software, Telephony Software, Video Chat Software