December 13, 2021 ·
Summary: On December 9, 2021, a vulnerability was discovered in log4j, a logging framework commonly used by multiple enterprise systems. We would like to reassure you that BizMerlinHR has not been affected by this security vulnerability. Due to the severity and the wide spread nature of this vulnerability, we are pro-actively updating our customers via this web page.
What and when: Last Friday the 9th of December, Apache communicated a vulnerability in certain versions of their log4j utility software.
The vulnerability: A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1. potentially leading to remote code execution.
BizMerlinHR Software Implications: After an extensive review, BizMerlinHR determined we have no exposure to this vulnerability in any capacity, so no action was needed from our side.
Ongoing Steps: Out of abundance of caution, we are continuing to monitor the security of our platform closely. If we can help answer any questions or provide further assistance, please get in touch with our customer support team.