The recently detected and serious Apache Log4j vulnerability (CVE-2021-44428) is reported to affect millions of running applications. IT managers are obviously worried as they do not know the consequences and harm that this vulnerability can cause.
To answer questions about the Apache Log4j vulnerability, CloudAlly does not use Apache’s Log4j library. In addition, our security team has checked all 3rd party libraries used and currently has not found any vulnerabilities. CloudAlly can reassure our customers that no harm has been caused by the Log4j vulnerability.
CloudAlly’s security team will continue to monitor the situation.
Update: CloudAlly has reviewed the newly reported Log4J vulnerability CVE 2021-45046 (that can be used for remote code execution), and can state that no harm is caused to CloudAlly's customers by this vulnerability.
Monty Sagal
CloudAlly Compliance Director