Updated as of 15/12/2021
Since the Apache Log4j vulnerability affecting Java applications was detected on 9 December, Axiell has worked to assess and secure all systems. That work has now concluded, and we can confirm that all systems remain secure, including the solutions we resell.
Following the discovery of the vulnerability, work began immediately to assess any vulnerabilities within any of our systems that use Java. That work continued over the weekend and has now been concluded. Some vulnerabilities were discovered, however, no exploits of these vulnerabilities were detected, and patches are now in place to protect any systems that use Log4j libraries.
Our customer support portal supplier, Hornbill, has also confirmed that this system is unaffected.
What is the Log4j vulnerability?
Log4j is an open-sourced logging library that is used by many Java applications to log data. On 10th December 2021, a security vulnerability was discovered in certain versions of Log4j that could lead systems vulnerable to attack via remote code execution. IT and security teams have been advised to ensure all affected systems are secured to avoid risk of attack.
Axiell’s priority remains the security of our customers’ systems and data and we will continue to monitor the situation for any further vulnerabilities.
Update for UK Public Library customers:
Since seeing the Apache log4j vulnerability announcement on the 10th of December, Axiell have performed a review of all our public library solutions. As a Primary .Net software provider, the LMS was not impacted by this vulnerability. Our Public interface application does use Log4J but no production environment uses the version of the application that has the identified vulnerability. We did have some applications in a none production environment that used the version Log4J with the security weakness and these were all patched over the weekend of 11th/12th December.
