INTRODUCING

As you may be aware, a zero-day exploit was reported in the wild on December 10, 2021, targeting a Remote Code Execution (RCE) vulnerability in the Apache Log4j library. Appspace has confirmed that this vulnerability does not affect the Appspace platform. Please see below for more information.

Appspace Platform and Services

Appspace does not use the Apache Log4j library in any part of our software. Therefore, this vulnerability does not impact our products or platform and Appspace currently does not need any patching or other remediation steps.

Third-Party Tools

We have conducted an internal analysis and confirmed the logging features provided by Google Cloud Platform and any other of our partners’ features do not use Log4j or have already remediated this vulnerability. 

Based on our analysis and reports from our software partners, no internal tools are impacted at this time.

Background on the Log4j Vulnerability

On December 10, 2021, a zero-day exploit was observed in the wild targeting a Remote Code Execution (RCE) vulnerability in the Apache Log4j utility (a Java open source logging tool). The Log4j vulnerability, also referenced as log4shell, is caused due to the lack of input sanitization whereby when a web application or mobile application server leveraging Log4j to log messages accepts an input and then logs it, a malicious unauthenticated actor can then force the Log4j service to receive a payload or malicious code from another remote server. This will impact the confidentiality, integrity, and availability of the web application server and its data.

References

Vulnerability CVE: CVE-2021-44228 – Apache Log4j utility 2.0-beta9 to 2.14.1

https://logging.apache.org/log4j/2.x/security.html

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We take the security and privacy of our customers seriously. That’s why we’ve built Appspace with the security standards you need so you can have peace of mind that your data and employees are safe. In 2022 we plan to add additional security certificates as we proactively work to provide a platform you can trust.