Log4Shell vulnerability update: Monterosa’s response to CVE-2021-44228

Simon Brickle
Chief Operating Officer

Monterosa’s infrastructure and security team is aware of the critical vulnerability CVE-2021-44228, also called “Log4Shell” in some reports. You can read more about the issue on this CrowdStrike blog.

The component affected by this vulnerability is a low-level logging tool called “log4j2” which is used by both commercial and open-source products. We are reviewing the guidance from the providers of software products used in our infrastructure and applying security updates where necessary.

Update 16/12/21

We have reviewed our own application code as well as the information provided by suppliers of infrastructure and applications that are dependencies of our platform. The results indicate that the overall risk to Monterosa and our customers is low; however, we will continue to monitor the situation.

| Service or system dependency | Security Bulletin | Summary |
| --- | --- | --- |
| Monterosa / Interaction Cloud | Internal review shows that Log4j has not been used at any time. | Low risk |
| Amazon Web Services | Bulletin 1, Bulletin 2 | Low risk |
| Databricks | Bulletin | Low risk |
| Elastic Search | Bulletin | Low risk |
| Atlassian | Bulletin | Low risk |
| Google Workspace | None yet | Medium risk |

We will continue to update this story with more news as the situation develops.
