Posted by Miryam Brand
December 16, 2021
Executive summary: The Akeyless Vaultless Platform is not impacted by the Log4j vulnerability.
A zero-day vulnerability (CVE-2021-44228) that could allow an attacker full remote code execution was recently discovered in the popular Apache Log4j logging library.
Many enterprise apps and cloud services use this common logging library. Apache has since released a security update and provided recommended configurations for earlier versions that mitigate the vulnerability’s impact. We strongly encourage security and dev teams to analyze their use of the tool and update immediately, if they haven’t already done so.
Akeyless’ security teams validated the platform code and processes and confirm that this vulnerability does not affect our platform anywhere in the software supply chain.
As part of its SOC 2 Type II and ISO 27001:2013 compliance, Akeyless has established a process to promptly validate the effect of any vulnerability, such as this Log4j issue.
For more details on how Akeyless secures the Vault Platform, and our customers, visit akeyless.io/trust-center.