ScreenSteps

Response to the Apache Log4j2 Remote Code Execution (RCE) Vulnerability

CVE-2021-44228 - ESA-2021-31

What happened?

For information about the recently announced security vulnerability, please see this article from the Apache Logging Services website.

Is ScreenSteps affected?

We have audited the ScreenSteps web and desktop applications to see whether the applications or any supporting tools are affected by the Log4j2 vulnerability. No vulnerabilities have been found.

What is being done?

On December 10th, very soon after the Apache Log4j2 RCE Vulnerability was announced, ScreenSteps implemented a firewall rule on our web application firewall (WAF) that automatically blocks requests from bad actors trying to exploit the vulnerability. 

In addition, ScreenSteps has audited the web application and the desktop software to see what impact, if any, the Apache Log4j2 RCE Vulnerability could have on our systems (see results above).

We will continue to monitor our systems and announcements related to Log4j2.
