December 13, 2021
by Communications Team

How is Notarius handling the Log4j vulnerability?

On December 10, 2021, details emerged about a critical remote code execution vulnerability in Apache Log4j version 2.14.1, tracked as CVE-2021-44228. Notarius has assessed this vulnerability and determined that it cannot be exploited in any of its products and solutions (CertifiO, CertifiO Manager, EESP, ConsignO Desktop, ConsignO Cloud, ConsignO Server, VerifiO, Hosted HSM, Hosted VDS and related APIs for all products).

Out of an abundance of caution, we have also taken the following measures:

  • December 10: Updated our Web Application Firewalls (WAFs) to filter out suspicious requests that could attempt to exploit the Log4j vulnerability
  • December 10: Confirmed that none of our logs since December 3 contain a suspicious payload
  • December 13: Updated ConsignO Cloud to Log4j version 2.15.0
  • December 14 to January 25: Updated CertifiO Manager and the CertifiO Suite with additional Log4j security updates

Our systems are currently running recent versions of Log4j. Although none of the vulnerabilities identified since v2.14.1 can be exploited in our products, we are closely monitoring this issue and will issue product updates as necessary.
