News & Events

Log4j Zero-day Vulnerability CVE-2021-44228

New York, 12/13/2021

For immediate release.

GNS received notification on December 10th from the Apache Software Foundation regarding an emergency update for a critical zero-day vulnerability CVE-2021-44228, which is in relation to the widely used opensource logging tool Log4j. GNS has been actively scanning hosted applications since the alert was received, and will notify any affected clientele if Log4j is detected within their environment. Apache has already released Log4j 2.15.0 to address the issue, and this remediation will be applied in accordance with applicable patch management processes in order to avoid any potential exploit. Currently, we have not found widespread usage of Log4j across the majority of client environments, nor has the Log4J components been found to be in use throughout GNS' internal networks.

GNS will continue to operate in a state of active monitoring and readiness to respond to any such threats. Our top priority is to work closely with our clientele to preserve the security and protection of their information.

This press release was published on 12.13.2021. For more information, please contact compliance@gnetsys.net.