[de.NBI Cloud Bielefeld - Production]: Log4j2 vulnerability (CVE-2021-44228)

12.12.2021 - 20:48
Dear Cloud users, As you may have heard in the news, there is currently an IT security vulnerability ("log4j") that can potentially be present in many IT services. The Federal Office for Information Security (BSI) classifies this security gap as "very serious". The vulnerability and how it can be used to compromise systems is well described at https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/ . Please check if you are running software that is affected by CVE-2021-44228. The webpage https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 lists a variety of affected software tools, libraries, and frameworks and how the vulnerability can be mitigated. On behalves of the de.NBI cloud Bielefeld team, Jan Krüger