December 16th, 2021
VisualVault / GRM are aware of the recently disclosed issues relating to the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) exploit.
We have taken actions to ensure the VisualVault platform is not impacted by this exploit. Our limited use of Java as part of the VisualVault platform uses a different logging library for integration with AWS. We have communicated with our AWS Enterprise support team to confirm the AWS platform is protected from the Log4J exploit as stated here: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/.
We continuously scan for vulnerabilities and suspicious traffic patterns using tools developed by multiple industry leading security vendors including a security incident and event monitoring platform, Web application firewalls, automated vulnerability rule updates, and automated suspicious traffic blocking algorithms.
If you have any more questions about this exploit or anything else security related, please reach out to our security team at [email protected].