ImageSilo - Log4J Vulnerability
Please see the official statement below from Digitech regarding the Log4J vulnerability and their ImageSilo systems.
”Late last week, a critical security vulnerability in the open source Apache logging library (log4j) was disclosed to the public. ImageSilo Engineering immediately began a thorough review of all systems to determine the impact of this vulnerability on ImageSilo systems and customers. The vast majority of software utilized by ImageSilo does not contain or utilize Apache libraries, making the vulnerability a non-issue for those systems. In addition, the network and security architecture of ImageSilo would have prevented the exploitation of this vulnerably if it existed. For the handful of ImageSilo systems that utilize Apache software, no systems were found that present a risk of exploitation.
In addition to the review of our own systems, we are monitoring any AWS services used by ImageSilo to ensure that patches or mitigations are put in place by AWS.
While the initial review of the impact of this issue has shown a very limited exposure to this vulnerability, we continue to monitor and evaluate the situation. As always, the integrity, security and availability of our customer’s data is of utmost importance.”
CASO Knowledge Base