As you have probably heard in the media, a warning has been issued from the Dutch National Cyber Security Center about a vulnerability that can potentially cause major damage.
A serious vulnerability has been found in Apache Log4j2, see link CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228CVE-2021-44228.
This is software that is widely used in web applications and all kinds of other systems. The vulnerability allows attackers to exploit remote Web server privileges.
ScreenCheck took immediate action yesterday and checked all systems managed by ScreenCheck, such as the SAAS CardsOnline web servers for the presence of the Apache Log4j2 tool. The result of the investigations is, that on NONE of the servers managed by ScreenCheck this tool has been found and is not installed by default. So, we hereby confirm that the above vulnerability does not pose a risk for any attacks on the servers managed by ScreenCheck.
Regarding CardsOnline servers, run on-prem and managed by the own organization, we strongly advice the IT department to check for Log4j2 installation and to update the tool and/or server if applicable. For the correct functioning of CardsOnline and/or Service Portal, the Log4j2 tool is not required and is not installed by default, but it may be installed with other plug-ins by the own organisation.
If you have any further questions about this message, please contact the ScreenCheck support desk via email support@screencheck.com.