No impact from Log4j vulnerability on Building Blocks solutions.
Tilburg, 15 December 2021 – On Friday, December 10th Building Blocks became aware of the vulnerability in Apache Log4j. While this dependency is not used directly by Building Blocks, actions have been taken to mitigate risk.
Building Blocks has not seen any abuse of the vulnerability in its clients' solutions. Software platforms used by Building Blocks for day-to-day business have also been evaluated by our IT partner and found not to be vulnerable to this attack.
Vulnerabilities concerned:
Solutions created by Building Blocks do not use Log4j directly and are therefore at low risk of abuse. However, the following mitigating actions have been taken:
1. Application logs have been analyzed and no suspicious behavior has been found.
2. The feature which allows for the vulnerability has been disabled by configuration (mitigates CVE-2021-44228).
3. The vulnerability described in CVE-2021-45046 has no effect on Building Blocks, as no context parameters are used throughout our solutions.
In case you have any further questions regarding your case, please reach out to our DPO/CISO Daan Möhlmann, daan@building-blocks.com.