Tech Update: PAE Business Log4J Update
Please find below details relating to the recent vulnerability of Log4J and how ECI Software Solutions are ensuring your information stays secure.
What Happened:
On December 9, 2021 a security vulnerability in an open source library called Log4J was made public. This library is in wide use within the global software community and is used to log events in the normal use of software, most often in Java- based applications.
If exploited, this vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that allows them to take control of targeted systems.
This vulnerability is not unique to ECI’s software and could be present in other software that our customers use in their business. We encourage their internal teams to examine the impact of this security issue on other vendor software they may be using.
ECI’s Response:
Our Security, Cloud Operations, and Product Development teams have worked diligently over the last 24-48 hours to assess and mitigate our use of Log4j. We have found very few instances of our direct use of Log4j and have remediated these vulnerable versions within our Cloud Offerings.
We continue to monitor the situation and will keep customers apprised of any important updates.
How Does this Affect Our Customers:
Customers do not need to take any action at this time. In most cases, our customers’ use of ECI software products is unlikely to be materially affected by this vulnerability. For ECI customers using our cloud offering, our security team has already identified and applied fixes.
There is no need for customers to contact ECI’s support organization. If they are directly affected, we will proactively contact them with further information.
ECI takes the security of our customers’ software very seriously. We are partners in their success and will continue to communicate any new information as it develops.
Kind regards
PAE Business