On December 10, 2021, a new vulnerability impacting multiple versions of the popular Apache Log4j logging library was publicly disclosed.
As defined by the National Vulnerability Database, this vulnerability has been assigned CVE-2021-44228 and is also being commonly referred to as "Log4Shell". Versions of the library said to be affected are versions 2.0-beta 9 to 2.14.1.
Prendio has assessed the impact that this vulnerability and its associated exploits may have on our technology stack. Prendio has reviewed our technology stack and found that the log4j version we are using is outside the range of vulnerable versions (versions 2.0-beta 9 to 2.14.1). Prendio uses Log4j version of 1.2.17, which is not impacted.
We have reviewed our logs and detection infrastructure and have not discovered evidence of exploitation in our environment at this time.
Prendio is also assessing such vulnerabilities in its vendor products and third-party service providers. We will continue to vigorously monitor for any potential exploits and will take appropriate action accordingly.
We appreciate your patience and understanding.