Log4j zero-day Vulnerability

eFileCabinet is aware of a recently discovered security vulnerability in the Java library, log4j also known as Log4Shell (NVD – CVE-2021-44228), which is a popular logging library for Java applications.

Based on a careful evaluation of code and components used in our hosted solutions, Rubex Cloud, eFileCabinet Online, and SecureDrawer, as well as updates applied to these offerings in the past days, we can confirm that these solutions are not vulnerable to the log4j exploit. We are currently working with our vendors, who provide supporting functionality to our products and services, to ensure they patch their software/systems, if necessary. As such, there is no further action needed to secure eFileCabinet hosted applications against Log4Shell.