As more information becomes available about the impact of this threat, we will update this blog series with additional guidance and technical details on how our customers can mitigate and increase resilience against related attacks.
Our security commitment to customers
Skybox Security has identified the affected components and is updating our products and services.
Skybox Security also completed the investigation of its networks, and we found no evidence of compromise at this time. Further, our defenders are on high alert and have updated all company signatures and rules.
For customers who utilize Skybox Security for vulnerability assessments and prioritization, we have updated our vulnerability dictionary to include CVE-2021-44228 and CVE-2021-45046. Skybox Research Lab will also continue to update our dictionary with the latest list of affected products and vendors.
For the latest information on mitigation guidance for Skybox Security products and services, please visit our Customer Portal.
Mitigation guidance from Apache
To address the vulnerability, Apache recommends applying the latest security updates it issued. Review the following links for more information:
- Apache CVE: CVE-2021-44228
- Apache security advisory: Apache Log4j Security Vulnerabilities
- A GitHub repository is being maintained that highlights the attack surface of this vulnerability.
We will update this blog series with additional information as we and the industry continue to gain a deeper understanding of the impact of this threat.