Log4shell bulletin

Critical Log4shell vulnerability in the Apache Log4j component

On 10 December 2021, the National Cyber Security Centre issued a warning about a vulnerability related to the Log4j component.

More information about the vulnerability: https://www.kyberturvallisuuskeskus.fi/fi/varoitus_5/2021

Log4j is a widely used Java library for logging application information. It is used in enterprise software applications, including custom applications developed by companies themselves, and it is part of many cloud services.

A continuously updated list of vulnerable applications can be found here: https://github.com/NCSC-NL/log4shell/tree/main/software

Enter’s own service products (Enter Ruutuvihko, Enter Valvonta and Enter Etähallinta) are not vulnerable.

Information about how Enter works to fix the vulnerability

If Enter detects that a vulnerable system is in use by one of our customers, we will contact the customer and agree on the necessary action.

We will prioritise the repair of vulnerable applications and systems in the following order according to urgency:

  1. Public internet sites/services under our customers’ own control
  2. Applications located in our customers’ intranets, and management interfaces for various systems

Our customers have many different applications from different software vendors. Enter constantly monitors the vulnerability situation. Software vendors are constantly releasing new vulnerability information and system updates.

If you receive Log4j-related bulletins from your software vendors, you can forward them to Enter’s Service Desk service@enter.fi – we will find out how it affects you.

Contact us

Read more