Last Updated: December 15, 2021 11:00PM CET – A zero-day exploit for a vulnerability code-named Log4Shell (CVE-2021-44228), also known as Log4j2, was publicly released on December 9th, 2021. A detailed description of the vulnerability can be found on the Apache Log4j Security Vulnerabilities page.
Yenlo became aware of the Log4Shell vulnerability on December 10th, 2021. Our Support Team and our Security Officer immediately conducted an assessment across our solutions, products and services to determine the impact of this vulnerability. Overall conclusion: no vulnerabilities were detected in our platform and online services.
Please contact the Yenlo Support Team (support@yenlo.com) for assistance with advice, patching or 24/7 Operational Support services. If you have any questions, please contact Yenlo via your regular contact channels (preferably by a ticket via our support portal).
Connext Platform
Our integration Platform-as-a-Service, Connext, our managed WSO2 Cloud platform, is monitored by default; security patches are always applied and updates are rolled out when needed. This is fully aligned with our ISO-certification standards. Nevertheless, we have verified our Connext Platform and all underlying technical components. The Connext Platform and all underlying components are not vulnerable to the described attack vector. All components are deployed with a Java version that is confirmed resistant to this threat. In spite of this, extra precautions for detecting potential abuse have been implemented and rolled out immediately.
Centraal Aansluitpunt
We have verified our Centraal Aansluitpunt and all underlying technical components. The Centraal Aansluitpunt and all underlying components are not vulnerable to the described attack vector. All components are deployed with a Java version that is confirmed resistant to this threat. Nevertheless, extra precautions for detecting potential abuse have been implemented and rolled out immediately.
WSO2 technology running on-premises or in your own Cloud
If you have WSO2 technology running on-premises or in your own Cloud setup, you might be using a specific version of the WSO2 technology that is vulnerable. Please verify the versions of the underlying WSO2 components you are running against the official statement from WSO2.