You may have heard the news about the security vulnerability in Java known as “log4j,” an open-source, Java-based logging utility widely used by enterprise applications and cloud services. We want to help you understand the problem and let you know we've taken steps to verify that KUDO service users are NOT impacted by this recently discovered vulnerability.
About the vulnerability
- The vulnerability (CVE-2021-44228) is classed as severe.
- If successfully exploited, a malicious actor could take control of an affected system.
- The Cybersecurity and Infrastructure Security Agency (CISA) has urged users and administrators to apply the recommended mitigations "immediately" to address the critical vulnerabilities.
What this means for you
Most importantly, KUDO service users are not affected by this recently discovered log4j vulnerability.
KUDO doesn’t rely on the log4j utility, and our Information Security Department has undertaken all appropriate steps and conducted the necessary reviews to ensure that our services are not affected. At KUDO, we give information security and the security of our services the highest priority and will continue to stay abreast of the latest developments and threats.