Log4Shell – FirstAttribute software solutions not affected
The NCSC is highlighting a critical vulnerability in Apache Log4j. The major vulnerability, named Log4Shell, was discovered on December 10, 2021 in the Java library Log4j developed by the Apache Software Foundation.
FirstAttribute is not affected by this.
FirstAttribute software solutions
FirstAttribute customers are not at risk from this security issue.
FirstAttribute’s software and services do not use Log4j. The development is not done in Java. Web applications developed by FirstAttribute do not use Apache web server technology for deployment.
Our software and services are not affected:
- FirstWare IDM-Portal
- FirstWare DynamicGroup
- FirstWare AD-Inspector
- my-IAM PeopleConnect
- my-IAM TeamSpace
- my-IAM DynamicSync
It is not necessary to update the existing installations. However, we generally recommend using the latest version and performing regular updates. To download the latest versions or make an appointment with our specialists, see links above.
How does Log4Shell work?
The Java library Log4j is designed to record information about a software, such as error reports (logging).
This vulnerability allows an attacker to send the server a link to a web page and have it read the contents of the page. If the page contains Java code, the server is able to execute that code.
This vulnerability is particularly dangerous because it provides a way to remotely execute code on any vulnerable server.
The NCSC reacted quickly and issued a warning about this vulnerability, as it affects a Java library used by thousands of companies.
An update for Log4j is available
A patch was hastily released by the Apache Foundation over the weekend, but it needs to be installed by server owners. Some affected companies, such as Mojang, the publisher of Minecraft, have also posted several warnings on their respective websites, asking all server owners to apply the proposed update as soon as possible.
Safety has top priority
For FirstAttribute, data security is a high priority. All of our products deal with the secure management of identity data and access rights. We continuously monitor and improve our software applications and services to ensure that our customers can handle their data securely.
With the help of security measures such as SSO, MFA or RBAC, as well as controlled user and authorization management (including automation and approval workflows), our solutions increase the security of identity data in your company. Detailed auditing also ensures absolute traceability of all actions.
If you have any questions about the Log4Shell attack or would like to verify the security of our software solutions, please feel free to contact us.