CloudBlue is Not Affected by Log4j Vulnerability

There is a new code concern that has emerged in the MSP world, and it has many software vendors and IT service providers scrambling.

A vulnerability in Log4j, a piece of open-source code available from Apache Software Foundation that can be found in software used by some of the world’s most prominent companies including technology vendors and managed service providers (MSPs), was exposed late last week.

Log4j is a widely used Java library for logging error messages in applications. The vulnerability, known as CVE-2021-44228 and originally reported in a blog post by the video game Minecraft, allows hackers to communicate with Log4j remotely via the internet.

The implications for MSPs and software vendors are severe, as it puts basically any device that is exposed to the internet and runs Apache Log4j versions 2.0 to 2.14.1 at risk.

CloudBlue is not impacted by Log4j

CloudBlue is not affected by the Log4j vulnerability. Although the CloudBlue platform does employ Log4j 1.x in its aps-tools package – which is a part of the Branding-UI component – this version does not fall into the affected versions of the code.

The CloudBlue platform also uses WildFly and ElasticSearch. While both products contain a Log4j package, neither is vulnerable, and both vendors have released statements confirming this.

CloudBlue’s security team has also completed a full review of the situation and has confirmed that there is no impact.

Additionally, a recent report from Black Knight Solutions, a web hosting service, found CloudBlue and Ingram Micro to be “not vulnerable” to the bug. Our professional services automation solution, CloudBlue PSA, does not employ Log4j and is therefore not impacted. For details, we’ve published this knowledge base article.

We at CloudBlue know that it’s paramount for MSPs to be aware of the circumstances and risks involved with Log4j in order to employ proactive measures to protect against any current and future exploitation. Below you’ll find more information about the Log4j vulnerability, how it’s impacting MSPs and how IT service providers can take precautions.

What is Log4j?

CVE-2021-44228 is a code vulnerability in Apache Log4j versions 2.0 to 2.14.1 that allows hackers to remotely execute code on a target computer, letting them steal data, install malware or take complete control of a system. The cybercrimes seen thus far have ranged from hacking in and stealing cryptocurrency all the way to large-scale attacks on internet infrastructure. State-sponsored actors are also reported to be exploiting the bug.

Internet-facing systems as well as backend systems could contain the code vulnerability. Cybersecurity experts are especially concerned about hackers taking advantage of the bug to install ransomware, which can shut down systems until victims pay a fee to have them released again.

According to reports, Log4j has been downloaded millions of times and is among the most widely used tools to collect information across corporate computer networks, websites and applications.

Because the code has such a broad scope, the vulnerability may impact a very wide range of software vendors and services providers. Experts in security have said that there are hundreds of thousands of attempts being made currently by hackers to find vulnerable devices, with over 40% of corporate networks being targeted.

What should companies do?

If your organization runs the affected versions of Log4j, there are some key steps you can take.
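One way to check whether an application archive carries a Log4j version in the affected range (2.0 to 2.14.1), as an added example that is not CloudBlue's or Apache's code: it reads the Maven `pom.properties` entry of `log4j-core` inside a JAR or WAR, including nested archives. The function names and the sample WAR are constructed for illustration, and `outside-range` only means the version falls outside that range.

```python
import io
import re
import zipfile

# Affected range for CVE-2021-44228 as stated on this page: 2.0 to 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Maven metadata entry identifying log4j-core 2.x; it survives renaming and bundling.
POM_SUFFIX = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def classify(version):
    """'affected' inside the stated range, else 'outside-range' (not a claim of safety)."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    v = tuple(nums + [0] * (3 - len(nums)))  # '2.0-beta9' -> (2, 0, 0)
    return "affected" if AFFECTED_MIN <= v <= AFFECTED_MAX else "outside-range"


def find_log4j_core(data, where):
    """Yield (location, version, label) per log4j-core copy, descending into nested archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith(POM_SUFFIX):
                props = zf.read(name).decode("utf-8", "replace")
                if m := re.search(r"^version=(\S+)", props, re.M):
                    yield where, m.group(1), classify(m.group(1))
            elif name.lower().endswith((".jar", ".war", ".ear")):
                inner = zf.read(name)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    yield from find_log4j_core(inner, f"{where}!/{name}")


def _archive(entries):
    """Build an in-memory archive from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_sample_war():
    """Constructed WAR holding a renamed 2.14.1 copy and a 2.17.0 copy of log4j-core."""
    old = _archive({POM_SUFFIX: b"version=2.14.1\n"})
    new = _archive({POM_SUFFIX: b"version=2.17.0\n"})
    return _archive({"WEB-INF/lib/logging.jar": old, "WEB-INF/lib/log4j-core-2.17.0.jar": new})


if __name__ == "__main__":
    print(list(find_log4j_core(build_sample_war(), "app.war")))
```

To scan a real file, pass its bytes and path, for example `find_log4j_core(open(path, "rb").read(), path)`.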

Businesses should fortify back-end defenses by applying the patches provided by software vendors that employ the affected versions as quickly as possible. Vendors and service providers should also set up alerts for probes or attacks.

The Apache Software Foundation itself has released multiple updates in recent days and it is advised to upgrade to the latest version of the Log4j tool in order to patch any vulnerabilities.

Experts are also recommending that companies limit unnecessary outbound internet traffic, which could serve some value in protecting vulnerable systems.

Staying on top of status updates and associated technology vendor guidance will help to avoid potential supply chain attacks related to the bug. According to Apache, there is also a workaround to mitigate this vulnerability, and organizations that feel they have been exposed should spare no effort.

Companies around the globe are also stepping up in a concerted effort to confront the Log4j vulnerability. The Netherlands’ National Cyber Security Centrum (NCSC) has posted a comprehensive list on GitHub of all affected products that are either susceptible, not susceptible, are under investigation or where a fix might be available. Meanwhile, Microsoft has created a series of steps to diminish the risk of exploitation. Also useful, Huntress has created a tool to help IT departments test whether their applications are vulnerable.

Finally, as many companies navigate this latest cybersecurity threat, it is paramount to have regular communication with customers and issue guidance as it becomes available. 

CloudBlue is monitoring the situation

The worldwide Log4j software cleanup could take months, and according to some experts even years, because thousands of third-party software products run the code and have been affected.

While companies employ measures to mitigate and remedy the risk, it is wise for businesses to taper down on outbound internet use in the near term. This will lower the probability of susceptibility: with less exposure comes less risk.

Although CloudBlue has been found to be secure against Log4j, we will be keeping an eye on the situation to ensure our customers are updated with the latest developments.

If you have any questions regarding the Log4j vulnerability, we invite you to contact together@cloudblue.com.
