The United States Cybersecurity and Infrastructure Security Agency issued an alert about the vulnerability on Friday 10 December 2021



The Developers of OMNIA have put out this information regarding the Log4j Vulnerability.


The vulnerability affects specific versions of log4j (Apache Log4j 2.x <= 2.15.0-rc1). Our OMNIA installations thus far have been using V1.x. 


Furthermore, this is not of concern unless the OMNIA web server is exposed on the internet. If the web server is accessible only on the secured internal network then this is not a risk.


We do not recommend exposing the OMNIA web interface on the internet.


Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly released the following statement today on the “log4j” vulnerability: (Excerpt from statement)


CISA recommends asset owners take three immediate steps regarding this vulnerability: 

 

   1. Enumerate any external facing devices that have log4j installed. 

   2. Make sure that your security operations center is actioning every single alert on the devices that fall into the category above. 

   3. Install a web application firewall (WAF) with rules that automatically update so that your SOC is able to concentrate on fewer alerts. 

What is Log4j and why does it matter?


Log4j is one of the most popular logging libraries used online, according to cybersecurity experts. Log4j gives software developers a way to build a record of activity to be used for a variety of purposes, such as troubleshooting, auditing and data tracking. Because it is both open-source and free, the library essentially touches every part of the internet.