As you may be aware, a zero-day exploit for the Apache Log4J utility (CVE-2021-44228), which results in remote code execution (RCE), was announced on December 9, 2021.
Please see the FAQ below to learn more.
What is the Log4J Vulnerability?
On December 9, 2021, the Apache Software Foundation released Log4j 2.15.0 to resolve a critical remote code execution vulnerability (CVE-2021-44228) affecting versions 2.0-beta9 through 2.14.1.
Apache Log4j is a popular Java logging library incorporated into a wide range of enterprise software (including Struts2, Solr, Druid, and Flink). This is a well-known vulnerability affecting numerous software companies.
Is ChurnZero Affected by the Log4J Vulnerability?
We reviewed the ChurnZero applications and determined that they are not affected. They’re built with the .NET framework and therefore do not use Log4J.
Are any of ChurnZero's Sub-Processors affected by the Log4J Vulnerability?
ChurnZero has reached out to our Sub-Processors to evaluate their exposure and determined that they are either not affected by the vulnerability or they have taken appropriate steps to mitigate.