13 December 2021

Log4j zero-day Vulnerability

eFileCabinet is aware of a recently discovered security vulnerability in the Java library, log4j also known as Log4Shell (NVD – CVE-2021-44228), which is a popular logging library for Java applications.

Based on a careful evaluation of code and components used in our hosted solutions, Rubex Cloud, eFileCabinet Online, and SecureDrawer, as well as updates applied to these offerings in the past days, we can confirm that these solutions are not vulnerable to the log4j exploit. We are currently working with our vendors, who provide supporting functionality to our products and services, to ensure they patch their software/systems, if necessary. As such, there is no further action needed to secure eFileCabinet hosted applications against Log4Shell.

Customers using Rubex Private Cloud, our new on-premises offering, should update their on-premises software to address this vulnerability immediately. Detailed instructions on how to download and apply this update are being sent to those customers directly.