Security notice: log4j Java Vulnerability

A vulnerability, called Log4Shell, was found in Log4j 2. Log4j is an open-source Apache logging library. This library is used by many popular applications, services, and Java components. The vulnerability is indexed as CVE-2021-44228 and assessed as a critical vulnerability. The flaw enables an attacker to execute arbitrary code on the affected system. Even though the vulnerability is severe, our products and services are not impacted.

Should I be worried?
Our security team has just wrapped up a thorough analysis of our own systems. We have not identified any services, products, or applications that are at risk. However, we will continue to monitor the vulnerability as details are unfolding. cPanel also had this issue fixed if you had Solr plugin installed (auto-update would have fixed that issue a couple of days ago and DirectAdmin does not use log4j so if you have any managed server with us or have auto-update on cPanel (by default) issue does not apply to you.

 

What can I do?
Even though UnderHost applications are not affected, there is a possibility that your services are impacted. This is due to the unmanaged nature of our servers, and the fact that you have full control over your server.
 
We have detailed steps to identify the vulnerability with links to tools you can use to protect yourself.
 
The NCSC has released a list of affected software and what steps you can take. This list will almost certainly be expanded, so check it regularly for updates for your system.
Scan for the vulnerability by using one of the tools provided by the NCSC or the NIST.
Contact the administrator or owner of your server if you do not maintain it yourself.
Read the security advice from the NCSC carefully and make sure you’re up to date via the following link.
Make a backup of all critical data if you are affected.
Make a list of used services and applications and check the latest communications from these suppliers.
Perform updates to the software on your server and keep a close eye on the latest updates.

Should you have any pressing questions regarding this subject, please let us know?


Simply open a request at our cP support desk via CustomersPanel.com

partners partners partners partners partners partners partners partners