On December 10th, 2021, a widespread global vulnerability was discovered in Apache Log4j, an open-source Java package used to enable logging in many applications.
This vulnerability can be exploited to enable remote code execution on servers.
As part of B2BE’s continual and proactive review of our environments, and in line with our ISO27001 accreditation, the various systems that B2BE runs to deliver its supply chain solutions have been updated to ensure continual security of our network and systems.
Specifically, B2BE have completed the following actions to address this vulnerability:
- Ensured our proxy configurations block the query used to exploit the vulnerability.
- Scanned log files on all machines for any trace of exploitation.
- Contacted vendors, where third party software is utilised, to get patches for their software.
- Tested the patches and applied them to all environments.
We have also externally scanned our network to check for the vulnerability and can confirm that any Log4j vulnerabilities have been mitigated, ensuring B2BE is able to provide continuity of service in line with our SLAs and client expectations.