In the previous days, a vulnerability in the Log4j logging framework has been affecting multiple versions of a widely distributed Java component, Apache Log4j.
CVE-2021-44228, the biggest bug affecting the internet in the past decade, is a high-profile vulnerability that allows unauthenticated remote code executions, letting attackers gain full control of the affected servers and/or applications.
Unfortunately, the Apache Log4j library is a key component that is widely used across many commercial and open-source solutions, services, websites, vendors, and software packages, making this vulnerability critical for many. The main reportedly vulnerable are several popular websites, apps, and services such as Minecraft, iCloud, Twitter, and Steam, among others.
Some of these services, such as Minecraft, have already patched the solution, and have urged their user base to update to the latest version, but many others remain vulnerable.
Is Openprovider vulnerable to CVE-2021-44228?
At Openprovider, we have never used the Log4j logging framework in any of our applications. This means there is no threat for you and no action has to be taken on your end or our end. Our main suppliers, Plesk and Sectigo, do not use Log4j and they are also unaffected by this threat.
If you would like to find more information about this attack, please visit this resource that summarizes this situation, its scope, and possible solutions for those who may have been affected.