Skip to main content
ExLibris
Ex Libris Knowledge Center

Security Advisory– Log4Shell Security vulnerability (CVE-2021-44228) - December 12, 2021

Overview

On December 10, 2021, A critical remote command execution (RCE) vulnerability (CVE-2021-44228) was disclosed in Apache Log4j versions 2.0 to 2.14.1, a logging tool widely used globally in many consumer and enterprise apps, cloud services, and websites. Exploiting this unauthenticated remote code execution vulnerability in Apache's Log4j Java-based logging tool, depending on how the system is configured, potentially allows an attacker to download and subsequently execute a malicious payload.

References

Effective Security Severity Level

Critical

Affected Systems

Ex Libris products are not affected by this vulnerability.

Tests and Certifications

Ex Libris products are being tested to confirm that they are not affected by this vulnerability.

Actions Taken for Hosted Systems

Ex Libris products are not affected by this vulnerability. As an added precaution, Ex Libris deployed additional protection in our cloud data centers to further protect our systems from this vulnerability.

Required Actions for On-Premises and Local Systems

Ex Libris products are not affected by this vulnerability.

For customers using Apache Log4j versions locally installed elsewhere in their environment, we recommend consulting their local security staff or in case of third party systems, follow the respective vendor's instructions.

 

Exploitation and Public Announcements

The Ex Libris Security Incident Response Team (SIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory in the context of Ex Libris products.

 

Record of Changes

Type of information Document Data

Document Title:

Security Advisory– Log4Shell Security vulnerability (CVE-2021-44228) - December 12, 2021

Document Owner:

Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

Approved by:

Barak Rozenblat – VP Cloud Services

Issued:

December 12, 2021

Reviewed & Revised:

December 12, 2021

 

Revision Control

Version Number Nature of Change Date Approved

1.0

Initial version

December 12, 2021

Document Distribution and Review

The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated regularly or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.

  • Was this article helpful?