The Apache Log4j vulnerability: What you need to know

On December 9^th 2021, Apache published a zero-day critical vulnerability (CVE-2021-44228) for its widely popular Apache Log4j, and is being referred to as “Log4Shell.” This vulnerability is considered “critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you haven’t yet heard the news, this is a severe risk with a major security flaw being discovered.

When exploited, an attacker can run arbitrary code on a device and gain full control of the exploited device — this will render the device compromised, and may impact other devices trusted by the compromised device which is now controlled by the attacker.

What does that mean for you? What iManage products have been affected? How has iManage responded to this vulnerability?

NOTE: RBRO products do not use any Java libraries, including Log4J. This vulnerability will have no impact on any of our products.

iManage products affected by this issue

iManage has released mitigation steps on the latest Apache log4j vulnerability (see iManage for complete details). The following components listed by iManage are affected by CVE-2021-44228 and require action to remediate the issue.

NOTE: All cloud issues have been mitigated and there was zero impact to any customer data stored in iManage Cloud.

iManage Work Server is not affected by this issue.

We are committed to security

RBRO Solutions has identified the affected components and we are updating our systems and products. Our security team and their efforts completed the investigation of its own devices and networks and found no evidence of compromise at this time.

If you require additional information, please do not hesitate to contact your RBRO Solutions representative.