First, we want you to know that the Banyan Security solution is not impacted by the Log4j vulnerability.
As Banyan’s Chief Security Officer, I not only want to make sure that the Banyan organization and product offering are safe, but I’m interested in making sure our customers and partners are safe as well.
A severe vulnerability in the popular Java-based Apache logging library Log4j was recently discovered being exploited in the wild, and you’re no doubt seeing important communications from your tool stack vendors with recommendations for patching and remediation.
This library is used by thousands of services around the world, facilitating logging from applications into log files. The vulnerability allows unauthenticated remote code execution (RCE) and access to servers.
Please know that the Banyan Security Zero Trust Remote Access solution is not impacted by this vulnerability, as we do not use this library or Java.
This vulnerability does, however, merit your attention, so we’ve compiled some select resources for your consideration.
At time of writing there are 10 CVEs related to the Log4j vulnerability. Remember that just because a vulnerability is “old” doesn’t mean it poses any less risk to your organization. Successful security programs manage vulnerabilities to their respective risk, and four of these are considered Critical.
As you can imagine there are lots of resources out there that explain this in more detail; here’s a select few we recommend:
CVE Details: https://www.cvedetails.com/product/37215/?q=Log4j
If you have any questions about the Banyan solution, please do not hesitate to reach out.