Vulnerability found in Apache Log4J

December 16, 2021

Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by this vulnerability.

Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.

As companies became aware of this vulnerability, company’s have responded to reassure their customers. ECI said: “Our Security, Cloud Operations, and Product Development teams have worked diligently over the last 24 hours to assess and mitigate our use of Log4j. We have found very few instances of our direct use of Log4j and have remediated these vulnerable versions within our Cloud Offerings.

“We continue to monitor the situation and will keep you apprised of any important updates.”

Ricoh confirmed some products and services that it develops, manufactures, and offers are not impacted by this vulnerability. Ricoh products and services not listed are under ongoing investigation.

MPS Monitor responded: “Security is a top priority at MPS Monitor, so we have been actively reviewing our infrastructure to assess our exposure to this vulnerability and to ensure we continue to maintain a secure environment for you and your customers.

“As a result of this full and extensive assessment, we can state that MPS Monitor does not suffer of any risk coming from this vulnerability.”