Statement on Log4j Vulnerability

Updated on 3:41pm (PST) on December 20, 2021

The Log4j vulnerability was disclosed by the Apache Software Federation on December 9th, 2021 (https://logging.apache.org/log4j/2.x/security.html). This vulnerability impacts the Log4j logging library that is used in many applications that contain Java and allows third party attackers to run code on a vulnerable server with system-level privileges.

Upon receiving reports regarding this threat, Asprodental’s database management team began a systemwide screening of our codebase and is actively working to identify any potential impacts to the system and prioritizing any necessary patching. Asprodental’s layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

Asprodental’s current plan of action includes the completion of our full system screening, active remediation of any discovered vulnerabilities, and an investigation into the log4j patch along with all subsequent versions. The database team continues to closely monitor and respond to this developing situation as it does with all reported vulnerabilities.