Annodata’s response to Apache Log4J Security Vulnerability

December 14, 2021

 

Annodata is notifying all customers of a vulnerability in the Log4J logging library that allows an unauthenticated attacker to perform remote code execution, and gain complete access to a target system via a vulnerable version of the Log4J library. Any application that uses Log4J is potentially affected.

Annodata is aware of the ongoing situation. We are actively working with partners and vendors to mitigate potential exploits.

There is no known record of this being exploited yet, though knowledge is coming through that reconnaissance is starting to be detected around the UK. An initial list of technologies which have been confirmed as vulnerable and those that are still being investigated can be found here. 

Annodata Actions

Annodata is not aware of our own products being affected, but the situation will be continuously monitored. We are aware of other technologies that may be impacted and we are continuing to work with those vendors to review next steps.

In particular if you are running Papercut MF/NG version 21.0.0 or later please contact our service desk and our team will support in mitigating actions. – Papercut Known Issues

Should we discover any other impacted platforms or products we will release further updates.