Log4j Vulnerability Announcement
December 13, 2021
Updated: December 15, 2021
On December 9, 2021, a vulnerability in Log4j was publicly disclosed. Log4j is a commonly used logging library made by the Apache Software Foundation. This critical vulnerability impacts all versions of Log4j from 2.0 to 2.14.1. We highly recommend reviewing any usage of Log4j and applying mitigations in accordance with the Apache Log4j Security Vulnerability guidance. More information on this vulnerability, named Log4Shell and known as CVE-2021-44228, may be found on the Apache Log4j Security Vulnerability page.
Since we became aware of this vulnerability, we have been evaluating Park Place Technologies services and systems to determine if any are potentially vulnerable to this exploit.
- Our security operations team has updated all our signatures to ensure that we can detect attempts to exploit this vulnerability.
- We have created custom alerts and IOCs to detect any activity that may be associated with this exploit.
- We have reviewed and scanned all our systems and identified instances where we will need to update the library.
- We are working directly with our vendors to ensure they are providing timely updates.
- We have applied workarounds where necessary, until patches become available.
The vulnerability exists in the log4j 2.x libraries that are present in the following versions of Entuity:
- Version 19 (Patch Released)
- Version 18 (Patch Released)
- Version 17 (Patch Released)
We recommend that all customers upgrade to the latest patches as soon as they are available.
ParkView Hardware Monitoring
No impact on our customers; our internal systems have been updated. This includes ParkView-I, ParkView-E, REM, the ParkView Hardware Virtual Machine (VM), and the Patrol Agent.
No impact on our customers.
ParkView Network Management
All customers have been automatically upgraded to the latest patch.
ParkView Server Management
No impact on our customers.
If you have any questions or concerns, please reach out to your Account Manager or our Support Center. We will continue to update this page with the latest status of all impacted services.
Many providers and vendors have been impacted by this vulnerability. Please review notifications and guidance from other providers and vendors as to how to apply workarounds and patches on other systems.
- Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
- CVE-2021-44228 – Apache Log4j Remote Code Execution Vulnerability
- Worst Apache Log4j RCE Zero day Dropped on Internet – Cyber Kendra
- Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec
- CVE-2021-44228 – Log4j 2 Vulnerability Analysis – Randori Attack Team
- CVE – CVE-2021-44228 (mitre.org)
- Log4j – Apache Log4j Security Vulnerabilities
- Release log4j-2.15.0-rc2 · apache/logging-log4j2 · GitHub