Status of Response to Apache Log4j Vulnerability (CVE-2021-44228)

We would like to inform you of the status of our investigation and response to the vulnerability of Apache Log4j*, which was released on December 9, 2021.
 

For the service meviy all vulnerabilities related to the Log4j vulnerability have been addressed!

 

Investigation information and countermeasures:
  • • The meviy server application does not use the targeted library
  • • As a countermeasure, WAF rules to block attacks against the log4j vulnerability were applied on December 13
  • • Some middleware that does not perform external communication uses log4j, and an update to the relevant middleware was implemented on December 21

We will continue to collect information on this vulnerability and implement countermeasures as needed.

 

*Apache Log4j is a widely used library for Java-based systems. The vulnerability disclosed on December 9, 2021, if exploited, could allow a malicious third party to execute arbitrary code by sending crafted data.