How can we help?
Prevalent FAQ for CVE-2021-44228
This advisory provides customers with an update on whether Prevalent services are affected by the Apache Log4j vulnerability (CVE-2021-44228), also known as Log4Shell.
What is this vulnerability?
On December 9, 2021, security researchers announced a zero-day vulnerability, CVE-2021-44228, impacting the widely-used Apache Log4j Java-based logging library. Known as Log4Shell, the vulnerability can allow unauthenticated remote code execution and access to servers – in effect, a complete takeover of vulnerable systems.
How does this vulnerability affect Prevalent?
Prevalent’s security team has confirmed that the Prevalent TPRM Platform is not vulnerable, and no action is required by our customers.
Can you assist my organization determine it’s third-party exposure to Log4Shell?
Prevalent has curated an 8-question assessment that can be leveraged to rapidly identify any potential impacts to your business by determining which of your third parties utilize Log4j in their applications, and what their mitigation plans are.
Need more help?
If you have any further questions or concerns with this issue or others, our technical and managed service teams are on call.