"Red Alert" critical vulnerability in Log4j published

Sebastian Kremer

At the weekend, the German Federal Office for Information Security (BSI) declared the IT threat level red, the warning level with the highest severity. The affected software component is Apache Log4j (versions 2.0 to 2.14.1), an open source logging library for Java applications that is used in many services and software applications worldwide.

Applications use the Log4j library to log events, and the library interprets the text it logs. If that text contains a link to malware, the library downloads it while interpreting the text, which opens the door to attackers. This type of attack is also called Log4Shell, or "logging, for direct access to the system".

EIKONA Logistics set up a task force as soon as the first information about this problem became available and has been continuously checking all systems for this vulnerability since the end of last week. "The software developed by EIKONA Logistics does not use the Log4j component in question. We are also monitoring the situation very closely and are working closely with the third-party manufacturers of deployed software and systems. We monitor all customer environments extensively and intensively for this security gap. We have also already patched all known and possibly vulnerable systems as a precaution or additionally secured them where the manufacturers are still actively working on patches. We currently do not assume any immediate danger for our customers or EIKONA Logistics itself," says Sebastian Kremer, head of the task force.

There is currently no official list of the applications affected by the security vulnerability. Manufacturers are checking which of their products are affected and developing updates to eliminate the vulnerabilities.
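Without an official list, operators have to inventory their own systems. The following is an added example, not EIKONA's tooling: it walks a directory tree, opens JAR/WAR/EAR archives (including archives nested inside them) and reports each bundled log4j-core copy whose version falls in the 2.0 to 2.14.1 range stated above. The function names are hypothetical, and the version is read from the Maven `pom.properties` entry that log4j-core JARs carry.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata entry shipped inside log4j-core JARs.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
# Affected range as stated in the article: 2.0 to 2.14.1 inclusive.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)


def is_affected(version):
    """True if version lies in the affected range. Pre-release tags are dropped,
    so '2.0-beta9' is compared as 2.0.0."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return AFFECTED_MIN <= tuple(nums + [0] * (3 - len(nums))) <= AFFECTED_MAX


def scan_archive(data, label):
    """Yield (location, version, affected) per log4j-core copy, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # unreadable archive: skip it instead of aborting the scan
    with zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
                # A copy with no readable version is flagged for manual review.
                yield label, version, version is None or is_affected(version)
            elif name.lower().endswith(ARCHIVE_SUFFIXES):
                yield from scan_archive(zf.read(name), f"{label}!/{name}")


def scan_tree(root):
    """Scan every archive under root; findings are sorted by location."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for location, version, affected in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if affected else "ok", version, location)
```

The range check follows only the versions named in this article; confirm any finding against the vendor's current advisory before acting on it.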

Status 13.12.2022, 1:00 P.M.