As you may be aware, a zero-day exploit was reported in the wild on December 10, 2021, targeting a Remote Code Execution (RCE) vulnerability in the Apache Log4j library. Appspace has confirmed that this vulnerability does not affect the Appspace platform. Please see below for more information.
Appspace Platform and Services
Appspace does not use the Apache Log4j library in any part of our software. Therefore, this vulnerability does not impact our products or platform and Appspace currently does not need any patching or other remediation steps.
Third-Party Tools
We have conducted an internal analysis and confirmed the logging features provided by Google Cloud Platform and any other of our partners’ features do not use Log4j or have already remediated this vulnerability.
Based on our analysis and reports from our software partners, no internal tools are impacted at this time.
Background on the Log4j Vulnerability
On December 10, 2021, a zero-day exploit was observed in the wild targeting a Remote Code Execution (RCE) vulnerability in the Apache Log4j utility (a Java open source logging tool). The Log4j vulnerability, also referenced as log4shell, is caused due to the lack of input sanitization whereby when a web application or mobile application server leveraging Log4j to log messages accepts an input and then logs it, a malicious unauthenticated actor can then force the Log4j service to receive a payload or malicious code from another remote server. This will impact the confidentiality, integrity, and availability of the web application server and its data.
References
Vulnerability CVE: CVE-2021-44228 – Apache Log4j utility 2.0-beta9 to 2.14.1
We take the security and privacy of our customers seriously. That’s why we’ve built Appspace with the security standards you need so you can have peace of mind that your data and employees are safe. In 2022 we plan to add additional security certificates as we proactively work to provide a platform you can trust.
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
