Monterosa’s infrastructure and security team is aware of the critical vulnerability CVE-2021-44228, also called “Log4Shell” in some reports. You can read more about the issue on this CrowdStrike blog.
The component affected by this vulnerability is a low-level logging tool called “log4j2”, which is used by both commercial and open-source products. We are reviewing the guidance from the providers of software products used in our infrastructure and applying security updates where necessary.
Update 16/12/21
We have reviewed our own application code as well as the information provided by suppliers of infrastructure and applications that are dependencies of our platform. The results indicate that the overall risk to Monterosa and our customers is low; however, we will continue to monitor the situation.
We will continue to update this story with more news as the situation develops.