Apache Log4j Vulnerability; How it Affects UBEO and Our Customers

Network security is an important topic due to the negative impact a breach can have on a business. The recent Apache Log4j global vulnerability demonstrates how software relies upon many different platforms and how a single event can have a ripple effect across the industry. Below is an overview of what the Apache Log4j vulnerability is and how it affects UBEO and its customers.

What is Apache Log4j?

Apache is a web server application that allows a server or an application to display webpages. Apache utilizes Java, which is a programming language, to accomplish many common tasks. One of the built-in programs in Java is called Log4j, which was discovered to have a vulnerability that can be used to take control of a computer. Other applications that utilize the Java programming language may also have this same vulnerability. To maintain security, it is a good reminder to patch applications and operating systems regularly.

What are the risks?

The Log4j vulnerability is considered a severity risk score 10.0 CRITICAL with the government agency NIST. If a server or application can be accessed directly from the internet and has this vulnerability, it needs to be fixed or taken offline immediately. Most servers are not accessible from the internet which means a hacker will have to first gain access to your internal network, however, this vulnerability still needs to be addressed.

UBEO and Customers' Software

UBEO has evaluated all internal software and has taken the necessary steps to address this vulnerability. As a technology provider, UBEO’s customers purchase industry-leading software and expect a high level of security. UBEO has reviewed all major sold and supported customer software and determined the current status of the Log4j vulnerability listed below: