Log4Shell — CVE-2021-44228

Dan Duffy
Published in Ravelin Tech Blog
Dec 15, 2021


CVE-2021-44228 (or ‘Log4Shell’ as it’s now known) has been making waves in security and development teams around the world. Many companies have been racing to patch internal systems and business services to minimise the chance of being compromised.

This is understandable given the perfect 10 rating for criticality, especially since, as with many high-profile vulnerabilities, an exploit has already been made public and there is evidence of exploitation in the wild.

At Ravelin we also have to make sure our platforms and data remain safe. We are predominantly a Golang house and in this instance our platform remains protected from exploitation as we do not use the Java language or the Log4j package. Alongside this, we have a multitude of controls in place to monitor for and defend against any malicious activity undertaken against the Ravelin platform.

Finally, whilst the Ravelin platform is not vulnerable, the Ravelin team also performed an in-depth assessment of all supporting third-party services and components. This assessment determined that all third-party services are either not vulnerable, or the vendor has already added mitigating controls to ensure protection.

The Ravelin team will continue to monitor new developments in Log4Shell and remain vigilant for future threats by continuously testing, evaluating and scanning our platform and its supporting systems. Security of our platform and data is paramount.
