Posted by Miryam Brand
December 16, 2021
Executive summary: The Akeyless Vaultless Platform is not impacted by the Log4j vulnerability
Recently, a zero-day vulnerability (CVE-2021-44228) was discovered in the popular Apache Log4j logging library, which could allow an attacker to achieve full remote code execution.
Many enterprise apps and cloud services use this common logging library. Apache has since released a security update and provided recommended configurations for earlier versions that mitigate the vulnerability’s impact. We strongly encourage security and dev teams to analyze their use of the tool and update immediately, if they haven’t already done so.
Akeyless’ security teams validated the platform code and processes and confirm that this vulnerability does not affect our platform at any point in the software supply chain.
As part of Akeyless SOC 2 Type II and ISO 27001:2013 compliance, Akeyless has established a process to promptly validate the effect of any vulnerability, such as this Log4j issue.
For more details on how Akeyless secures the Vault Platform, and our customers, visit akeyless.io/trust-center.