Heimdal™ Official Statement on Log4Shell Vulnerability

Copenhagen, December 13th, 2021 – In regards to the recently discovered CVE-2021-44228 (i.e., log4j or Log4Shell vulnerability) Heimdal™ executives have issued the following statement:

Heimdal™ Security has acknowledged the existence and inherent criticality associated with the use of the log4j logging framework. Consequentially, we would reassure our customers and business customers who are using Heimdal™ web-based services that the log4j vulnerability does not impact the quality of our service nor the data integrity, or the client’s privacy.

Heimdal™’s web-facing services are PHP-reliant, meaning that the exploit cannot be used against our userbase. Furthermore, since log4j is endemic to the Java programming language and with no discernable connection between the two languages in terms of syntax, it’s highly unlikely for the exploit to be leveraged in compromising PHP-based web services

Trailing the Log4Shell Thread

We remind our customers and business customers that the log4j vulnerability is regarded as one of the most critical design flaws discovered in the last decade. Discovered on Friday and earmarked CVE-2021-44228e, log4j or log4Shell can enable threat actors to run arbitrary (and malicious code) on vulnerable, Apache-curated web servers for the purpose of exfiltrating sensitive data.

Preliminary telemetry has revealed that the zero-day flaw affects

Read More: https://heimdalsecurity.com/blog/log4j-vulnerability/