cancel
Showing results for 
Search instead for 
Did you mean: 
paul_snyder
CS Dental Employee
CS Dental Employee

Carestream Dental Advisory: Apache Log4j Vulnerability

Carestream Dental Advisory: Apache Log4j Vulnerability

 

You may have seen recent media reports regarding a zero-day vulnerability in the Java logging library Log4j, which is used extensively across multiple vendors and platforms internationally.

 

Carestream Dental is aware of this vulnerability and is actively working on identifying any instance of this possible vulnerability on our internal systems, backend customer management systems and/or customer hosting platforms. Where appropriate, our teams have updated firewall rules, applied patches or upgrades on affected systems, and are continuously monitoring for evidence of attempted exploits. Additionally, we are working with our vendors to ensure that they are also actively working on securing their platforms.

 

For customers where Carestream Dental provides management of systems, we have identified a small number of internal systems that may be at risk of this vulnerability and have applied appropriate safeguards to reduce vulnerability risk.  We will continue to monitor the situation and will take additional remedial measures, as appropriate.

 

Customers who manage their own environments are advised to read all available vendor advisories and take mitigating action where possible.

 

A selection of vendor updates can be found on the below links;

 

NIST general advisory with vendor links - https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Microsoft advisory - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

Amazon AWS advisory - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/#

 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

 

Should you have any questions or concerns then please contact the Carestream Dental Service Desk or your aligned Customer Success Manager.

 

Kind Regards,
Carestream Dental

0 Kudos
Reply