Description

The "Apache Log4J" utility in versions 2.0.0 and older, as well as 2.14.1, currently contains a serious vulnerability. This vulnerability allows attackers to execute malicious code remotely if the attacker executes a certain character set on the system using a JNDI-LDAP server search.

Risk

The attacker can infiltrate malware into the system and execute it through this vulnerability.

IAM.cloud statement

An examination of the services of the IAM.cloud came to the following results:

  • The IAM.cloud applications in the Microsoft Azure instance do not use any of the vulnerable versions of "Apache Log4J", so that no further actions are required.
  • The IGAnow Gateway Service does not use any of the vulnerable versions of "Apache Log4j" and is therefore not vulnerable.
  • In principle, we recommend our customers and partners to examine all systems that are directly or indirectly connected to the IAM.cloud and that are not originally provided by IPG Group AG in order to avoid hidden infiltration in various ways.

Contact

For further inquiries, we are at your disposal. Either use the contacts you have named or contact us at customer.care@ipg-group.com