Jebbit Update on Log4j Vulnerability

A new vulnerability named Log4j (also known as Log4Shell) came to light on December 9th and is officially called CVE-2021-44228 (CVE number is the unique number given to each vulnerability discovered across the world). This vulnerability is based on an open-source logging library used in most applications by enterprises and even government agencies.

The exploits for this vulnerability are already being tested by hackers, according to several reports, and it grants them access to an application, and could potentially let them run malicious software on a device or servers.

At this time, Jebbit has taken all appropriate action to prevent exploitation of the recently discovered Log4j vulnerability, nor do we have any evidence to suggest the occurrence of a security incident. Jebbit utilizes many pieces of open source software (OSS) to provide the best services possible. One such technology is ElasticSearch, which has been found to be vulnerable to this exploit. Based on this response by Elastic Cloud, where our Elasticsearch clusters are hosted, we have determined that our particular version is not affected by the vulnerability.

We will continue to actively monitor the situation and respond accordingly as it develops. Jebbit remains committed to providing and maintaining a secure environment for all its customers and their end-users.

If you have any additional questions, please feel free to reach out to your customer success support team at Jebbit.