And Yet Another Vulnerability: The Log4j Flaw

A few days ago, a critical flaw was found in the Apache Log4j logging service (version 2.0.1 through to, but not including, version 2.15.0). These vulnerabilities (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE-2021-44832) allow attackers who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when the message lookup substitution option is enabled.

We understand that our customers might be concerned about whether our systems are vulnerable to the Log4j flaw, and we wanted to share the following statement directly from our Engineering and Security teams.

OneLogin is aware of the Log4j flaw (also now known as “Log4Shell”), a zero-day vulnerability (CVE-2021-44228) that first came to light on December 9, 2021. We have performed an audit and security review of the relevant OneLogin technologies and are not aware of any impact at this time. OneLogin will continue to monitor the situation and assess the impact of developments that come to light.

As always, we value Security First, and we are constantly striving to ensure that our systems and the data that you entrust to us are protected.

About the Author

Alicia Townsend

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.
