Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Log4j Java Vulnerability

            Modified on Thu, 12 Sep at 2:34 PM

            [CF]


            The article covers vulnerabilities around log4j systems and what Verifile has accomplished to mitigate such issues in our systems.


            Does your organisation use log4j systems or services?

            Verifile does not develop or host any systems that run Java and therefore there is no threat to our platform. Data processed or stored in our system is not at risk due to log4j vulnerabilities.

             

            Does your organisation sell log4j products to clients?

            No, Verifile does not sell products to clients using log4j.

             

            Could any PII or client information have been exposed, compromised, or leaked due to log4j vulnerabilities within your organisation?

            No. There is no impact on Verifile’s data security, as we do not use tools that rely on this type of software when processing data.

             

            Have you identified that any of your vendors/third-party providers are using log4j Software?

            We reached out to all our vendors to enquire what applications they use and if there is any risk of vulnerabilities.

            To date, we have identified no at-risk vendors. However, we’ll continue to ensure all third parties take action as needed.

             

            If you or an identified third party are using any of the infected versions of the Log4j, what remediation steps are your organisation taking to evaluate and remediate/mitigate?

            While we have identified no vendor who is/has been using an infected version of log4j, we have proactively advised all parties using Java products to disable the feature of remote lookup by log4j, to upgrade to log4j- 2.15.0.rc2 immediately, and to consider all components of the software they use (especially what may be publicly accessible) before providing us with their reports and remediations if vulnerabilities were detected.

             

            Will there be any impact on your organisations ability to deliver services to clients due to log4j mitigation actions?

            At the present time, there is no impact on our organisation or our ability to deliver services due to log4j vulnerabilities or mitigations.

             

            Whilst we have taken care to ensure that this information is accurate, we update articles regularly. If you feel something is incorrect, please use the feedback buttons below to tell us how

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0
            JavaScript