Summary
An exploit for the open source “Log4j” logging service emerged on the morning of Friday December 10th, 2021, which can be trivially exploited. This vulnerability, also known as “Log4Shell”, is due to a feature introduced in Log4j 2.x versions where a specially crafted string embedded in messages logged by Log4j could be interpreted causing Log4j to connect to remote systems or directly execute arbitrary code.
Logility’s Security and R&D teams have been actively investigating the situation since that time, evaluating the risk to our platform, and deploying mitigations and patches to secure our customers.
Further Information
Logility is committed to the security and reliability of our platform for our Customers and Partners.
Customers and Partners can access the latest information regarding Log4Shell and the Logility Platform via our Support Portal.
Support
If you have any questions or concerns, please reach out to your Logility account contact, or access our Support team via:
Reference
Apache Log4j Security Advisory – https://logging.apache.org/log4j/2.x/security.html
CISA statement on Log4J vulnerability – https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Written by
Logility Security Team
Short bio
