A critical vulnerability was identified in Apache Log4j (versions 2.0-beta9 to 2.14.1), and a patch has been released. Apache Log4j is an open-source Java-logging library used by many web applications and services.
However, Intact does not use Java for internal software development on any of its products (Intact iQ, Intact Xline, Intact Vline, Intact Cliqx, etc). Therefore, while we continue to monitor for potential vulnerabilities, we do not believe there is any specific threat using Intact products around Log4j.
While the above applies to Intact’s software development, the National Cyber Security Centres in Ireland the UK advise that organisations assess their web servers and internet-facing and non-internet facing software for exposure to this risk. You can read their respective guides by clicking on the links above. This should include services managed and provided by third-party service providers.
Leave A Comment