CVE-2021-44228: Log4j2 Security Vulnerability

Incident Report for FastSpring

Resolved

FastSpring is actively following CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228), the security vulnerability in the Apache Software Foundation's open source Log4j2 library. The vulnerability could allow attackers to perform remote code execution on applications that use the affected library.

The FastSpring team was able to react very quickly to this vulnerability and has updated all applications to include the latest fix provided by Apache (https://logging.apache.org/log4j/2.x/security.html) on Dec 10. In addition, the team implemented extensive measures in our web application firewall to thwart any malicious traffic that may try to leverage the vulnerability.

We will continue to monitor the situation and provide updates as necessary.
Posted Dec 10, 2021 - 00:00 UTC