(CVE-2021-44228) and (CVE-2021-45046)

The recent discovery of a Log4j vulnerability has raised concern among security teams all over the world.

Log4j is open source software used by a very large number of websites and applications to log information for use by site administrators, developers and others. Unfortunately, a previously unknown security vulnerability allowed software to be downloaded from external sites and executed. It can potentially be exploited to take over any site and server running versions 2.0 through 2.15 of Log4j. Additional information regarding the vulnerabilities in Apache Log4j can be viewed via the following link: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

4medica exposure
Immediately after the advisory release, and after strenuous review with internal development and security teams, we have concluded that the 4medica system itself is not vulnerable to Log4j exposure and has experienced no remote code execution. Our development and internal security teams will continuously monitor our systems for any threats and vulnerabilities.

4medica has contacted applicable vendors and confirmed that they have reviewed and patched all possible Log4j instances or put mitigating controls in place.

4medica customer exposure
4medica applications run within the browser and are not affected by the Log4j vulnerability.

With respect to other (non-4medica) systems at customer sites, we advise continuously monitoring updates and following the guidance provided by the appropriate organizations. Guidance from the Apache organization can be viewed via the following link: https://logging.apache.org/log4j/2.x/security.html