Logility Statement on Apache Log4j / Log4Shell / CVE-2021-44228 Vulnerability

Summary

An exploit for a vulnerability in the open source “Log4j” logging service emerged on the morning of Friday, December 10th, 2021. The vulnerability can be trivially exploited. Also known as “Log4Shell”, it is due to a feature introduced in Log4j 2.x versions, where a specially crafted string embedded in messages logged by Log4j could be interpreted, causing Log4j to connect to remote systems or directly execute arbitrary code.

Logility’s Security and R&D teams have been actively investigating the situation since that time, evaluating the risk to our platform, and deploying mitigations and patches to secure our customers.

Further Information

Logility is committed to the security and reliability of our platform for our Customers and Partners.

Customers and Partners can access the latest information regarding Log4Shell and the Logility Platform via our Support Portal.

Support

If you have any questions or concerns, please reach out to your Logility account contact, or access our Support team via:

Reference

Apache Log4j Security Advisory – https://logging.apache.org/log4j/2.x/security.html

Logility Security Team
