Monitoring - A fix has been implemented and we are monitoring the results.
Feb 4, 16:16 EST
Identified - Otava is aware of the remote code execution vulnerability in Apache Log4j. This vulnerability is also known as Log4shell and has the CVE assignment CVE-2021-44228
Log4j is a Java based logging audit framework. Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.
IMPORTANT: This is a notice of a critical vulnerability and related threat; this is NOT a notice that we have been compromised as a result of this vulnerability.
Otava Security has been actively working with our third-party service partners and will apply critical patches immediately upon release. Otava has currently applied "known" security signatures for perimeter defense sensors, is actively scanning for such security vulnerabilities in all data centers and will continue active monitoring for all data centers for any bad actors and related malicious behavior.
If Otava does not manage your infrastructure devices we still recommend you follow vendor best practices and guidelines regarding patches for this vulnerability.
If you have questions about products or services that Otava can help provide please reach out to your account representative for further discussion.
Status updates can be viewed at Status.Otava.com where this incident is published. ALL customers can subscribe and receive real-time updates as we proceed.
Dec 14, 19:01 EST
Investigating - VMware has released a notification of a critical vulnerability related to Apache. Otava is currently investigating the vulnerability and will be applying changes within the Otava network infrastructure in the attempt to mitigate any risk while Otava works with the vendor.
Dec 12, 16:17 EST