Updated as of 15/12/2021
Since the Apache Log4j vulnerability affecting Java applications was detected on 9 December, Axiell has worked to assess and secure all systems. That work has now concluded, and we can confirm that all systems remain secure, including the solutions we resell.
Following the discovery of the vulnerability, work began immediately to assess any vulnerabilities within any of our systems that use Java. That work continued over the weekend and has now been concluded. Some vulnerabilities were discovered, however, no exploits of these vulnerabilities were detected, and patches are now in place to protect any systems that use Log4j libraries.
Our customer support portal supplier, Hornbill, has also confirmed that this system is unaffected.
What is the Log4j vulnerability?
Log4j is an open-sourced logging library that is used by many Java applications to log data. On 10th December 2021, a security vulnerability was discovered in certain versions of Log4j that could lead systems vulnerable to attack via remote code execution. IT and security teams have been advised to ensure all affected systems are secured to avoid risk of attack.
Axiell’s priority remains the security of our customers’ systems and data and we will continue to monitor the situation for any further vulnerabilities.