Is Miro affected by the vulnerability in the Log4j logging library (CVE-2021-44228)?
Tibo 2 years ago
Hi all,
Here’s a summary of how Miro is ensuring rapid remediation and mitigation regarding the Java Log4j RCE vulnerability (CVE-2021-44228), to keep customer content and data secure.
Status of Mitigation and Remediations
- No additional action is required from customers
- Miro has rolled out the updates to detect and mitigate CVE-2021-44228
- Where immediate removal may be problematic, Miro has implemented mitigation controls with firewall blocking and extended monitoring and alerting
- Attempts at exploitation will be automatically blocked at the Miro firewall level
What is Log4j RCE?
A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE). Given how ubiquitous this library is, the consequences of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. The attack surface is very wide, since it’s almost impossible to find any single Java project without the log4j library enabled. It affects internal services and APIs that are based on Java and that log data from other APIs and applications.