In short:

Recright systems are not using vulnerable Java services. Even though we are not directly affected by the issue, we have added extra monitoring to keep our eye on the situation and future developments.

Background:

Information security researchers have discovered a Log4shell zero-day vulnerability (CVE-2021-44228) in the Apache Java logging library Log4j. The vulnerability could allow attackers to remotely execute commands on a server.The tech team at Recright started a situation assessment as soon as we got news of the vulnerability. We have checked all of our services and made sure that the Recright core system does not use any vulnerable Java services.As a precaution we have taken one of our legacy systems completely offline. This system is not part of our core service and the shutdown should not affect any of our customers.

If you have any questions, please contact support@recright.com.

Best regards,

Antti-Jussi Inkinen

Head of Development

References:
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://logging.apache.org/log4j/2.x/security.html
https://www.kyberturvallisuuskeskus.fi/en/varoitus_5/2021

Did this answer your question?