Back to blog
Platform

CM.com Response to the Log4J Vulnerability

On 10-12-2021 CM.com became aware of the Log4J security vulnerability also known as CVE-2021-44228. We would like to share with our customers how we've acted upon the zero-day vulnerability.

On 10-12-2021 CM.com became aware of the Log4J security vulnerability also known as CVE-2021-44228. Any software application using this popular Java logging library is vulnerable to a so-called ‘Remote Code Execution’. Whereby attackers are able to execute malicious code on the servers of the vulnerable party.

No Misuse Was Found

As a result of this, we directly started an internal investigating to determine the impact on the CM.com services. The conclusion from our security team is that no misuse was detected resulting from the Log4J vulnerability. We will continue to monitor the situation and improve our security on a daily basis.

Systems Are Updated

We’ve performed the following research and measures:

  • Updated our Web Application Firewall rules to filter malicious requests,
  • Scanned our own software,
  • Analyzed software and third-party applications we use in our own solutions following the guidelines published by the Dutch National Cyber Security Center,
  • If necessary performed updates and changes to mitigate any risks with Log4J,
  • Started a backward scan of log files to detect any possible exploitation before the mitigations
  • Intensify our Network Monitoring specifically for these possible exploits.

Update: CVE-2021-45046

15-10-2021 09.32 CET: A new vulnerability within Log4J has been discovered and filed under CVE-2021-45046. CM.com has taken notice of the new development and will mitigate this by updating our services where applicable.

For any questions surrounding this topic feel free to reach out to our support team.

Contact Us

For any questions surrounding this topic feel free to reach out to our support team.

Contact Us
is Product Manager at CM.com and helps companies to use communication technology and make a meaningful conversation with their audience.

Is this region a better fit for you?

Go
RCS
Apple Messages for Business
Whatsapp
WhatsApp
Scan & chat
Scan the code with your mobile phone to start chatting or use WhatsApp Web