Pos Digicert Statement - Log4j Issue
Apache Log4j 2 Vulnerability
Log4j2 is an open-source, Java-based logging framework commonly incorporated into Apache web servers. According to public sources, Chen Zhaojun of Alibaba officially reported a Log4j2 remote code execution (RCE) vulnerability to Apache on November 24, 2021. The log4j security vulnerability allows attackers to execute malicious code remotely on a target computer. Meaning, bad actors (hackers) can easily steal data, install malware, or simply take control of a system via the Internet.
Pos Digicert is actively following the security vulnerabilities in the open-source Apache “Log4j 2" utility (CVE-2021-44228). Based on our findings, Pos Digicert’s core services for its customers are not using Log4j 2 and are NOT IMPACTED by the issues identified in CVE-2021-44228.
A critical vulnerability in Apache Log4j2 (CVE-2021-44228) has been publicly disclosed that may allow for remote code execution, impacting products that use the library. After a comprehensive audit, all POS DIGICERT SDN BHD’s product and cloud/roaming services are not impacted by this vulnerability.