Caught In The Crosshairs
The critical vulnerability disclosed last week in the Java logging package Log4j left cybersecurity vendors scrambling to assess their potential exposure. Vulnerable code can be found in products from prominent identity and access management vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as from security firms that serve the SMB community through the channel, like Fortinet, SonicWall, and Sophos.
“We have been continuously monitoring for Log4Shell [formal name for the Log4j vulnerability] exploit attempts in our environment and have been urgently investigating the implications for our corporate and production systems,” Rapid7 wrote in a blog post Tuesday. “Log4Shell has kept the security community extremely busy for the past several days, and we are no exception.”
Cybersecurity companies with affected versions of Log4j code have been hard at work since Friday developing workarounds, patches and updated versions of their products that eliminate the risk of exploitation. But permanent or even temporary fixes remain elusive for many of the vulnerable products.