FibriCheck is aware of the Log4j zero-day vulnerability in the Java logging framework. This vulnerability is being tracked as CVE-2021-442281/2 and currently has the highest severity score [10/10]. Therefore our technical team immediately started an internal investigation, on Saturday, December 11th.
The team confirms that customers and their data are currently not affected by this vulnerability.
During this investigation we have confirmed that although Java is used in our application, none of the services of FibriCheck are currently using Log4j as its logging mechanism. The CVE3 does not have an effect on the FibriCheck codebase and remediation is not needed.
We are currently monitoring all our 3rd party service suppliers to ensure that their services are also not impacted and are patched immediately where needed.
If you need additional details or assistance, please contact the FibriCheck technical support team at support@fibricheck.com.
At FibriCheck, we have always had and continue to have the highest standards when it comes to customer data security.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- CVE is the common term that stands for “Critical Vulnerability and Exposures”
Created on December 14th, 2021 at 01:07 pm
Related Posts
FibriCheck featured at EHRA
We appreciate the enriching experience we had at the EHRA congress. It was a pleasure…
FibriCheck’s 2023 wrap-up
At FibriCheck, we are always innovating and working towards improved efficiency and innovation in heart…
FibriCheck and Inhealthcare are joining forces to tackle cardiovascular disease in the UK
With cardiovascular disease being one of the leading causes of death in the United Kingdom…