More information about the vulnerability: https://www.kyberturvallisuuskeskus.fi/fi/varoitus_5/2021
Log4j is a widely used Java library for logging application information. It is used in enterprise software applications, including custom applications developed by companies themselves, and it is part of many cloud services.
A continuously updated list of vulnerable applications can be found here: https://github.com/NCSC-NL/log4shell/tree/main/software
Enter’s own service products (Enter Ruutuvihko, Enter Valvonta and Enter Etähallinta) are not vulnerable.
Information about how Enter works to fix the vulnerability
If Enter detects that a vulnerable system is in use by one of our customers, we will contact the customer and agree on the necessary action.
We will prioritise the repair of vulnerable applications and systems in the following order according to urgency:
- Public internet sites/services under our customers’ own control
- Applications located in our customers’ intranets, and management interfaces for various systems
Our customers have many different applications from different software vendors. Enter constantly monitors the vulnerability situation. Software vendors are constantly releasing new vulnerability information and system updates.
If you receive Log4j-related bulletins from your software vendors, you can forward them to Enter’s Service Desk firstname.lastname@example.org – we will find out how it affects you.