Statement on Apache Log4j2 Issue (CVE-2021-44228)
Uva Software LLC is aware of the recently disclosed issues relating to the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) and we have taken steps to ensure the protection of our systems and our customers' data:
- Audited all of our systems for potential exposure to the vulnerability and determined that we are not vulnerable since we do not utilize the open source library at the source of the incident
- Audited all of our external dependency libraries and upgraded them as needed to protect against potential similar exploits
- Increased our security monitoring, developing specific rules to monitor log4shell attack attempts
As this is undoubtedly a fluid situation, we will continue to closely monitor and provide further updates as needed. As always, please feel free to reach out to support if you would like more details or have specific questions you would like to ask our security team.