Visionary Log4j Vulnerability Update
You may be aware of the Apache Log4j2 vulnerability as it has been hot topic in the technology world in the last week. Rest assured, Visionary is taking this issue seriously and we are continuing to monitor updates. We are not aware of any compromise to the security or degradation of the availability of the websites and applications we host as a result of the Log4j2 vulnerability.
Here are important things you need to know about how the Log4j2 vulnerability, its potential impacts, and steps we have taken to ensure the security of all of our systems.
- Java-based issue. Log4j2 is a logging tool used in Java-based applications. Visionary uses Java in a handful of systems. However, Log4j2 is NOT installed in any of those systems, so that eliminates the opportunity to exploit the vulnerability with Log4j2.
- Firewall updates. We have taken steps to keep our systems protected by making sure our firewalls and other exterior protection devices are updated with the latest security patches.
- Microsoft Azure. Many of our applications and websites are hosted with Microsoft Azure. Microsoft has made this threat a high priority and continues to publish technical information to help Visionary detect, investigate and mitigate attacks. We are actively monitoring these bulletins.
- Tableau. Visionary uses Tableau in some of its data analysis projects. Salesforce, who owns Tableau, is in the process updating the software to remediate the Log4j2 vulnerability. We will update our versions of Tableau as soon as the patch becomes available.
Should you have questions or need additional information of Log4j2 vulnerability and its impact to your website or application, please feel free to reach out.