Security Update

Our Response to CVE-2021-44228 (also known as Log4Shell)

On December 9th, 2021, security researchers publicly disclosed a serious vulnerability in versions of a computer logging system known as Log4J, maintained by the Apache Foundation. This vulnerability is sometimes referred to as Log4Shell or LogJam and is documented in CVE-2021-44228 by MITRE. Classified as a “weaponized threat”, this vulnerability, when exploited, can grant the attacker full control over any device whose software uses a vulnerable version of Log4J.

Log4J is a very powerful logging facility and is used on many Internet-connected systems and devices, making this one of the most impactful security vulnerabilities of this decade.

This vulnerability has had zero impact on Gensler’s work or our clients, and we have followed our standard security operations procedures. Gensler’s Wisp development team has confirmed that the Log4J library is not in use in our main application or any supporting services and applications. Gensler’s Security Operations team has already scanned our global infrastructure, and IT Operations has applied patches in all necessary locations. We advise all of our clients to perform the same assessment and patching as quickly as possible, since this serious vulnerability has already been exploited against numerous businesses around the world.

More information is available here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228 and https://www.cve.org/CVERecord?id=CVE-2021-44228

Please reach out to your Wisp Advisor with any additional questions or concerns.