On December 9th, 2021, The Apache foundation released a vulnerability disclosure regarding its log4j library, which is widely used by Java applications. This vulnerability, CVE-2021-44228, can potentially allow an attacker to force a system to download and execute the attacker’s code (Remote Code Execution, or RCE). It received the highest possible severity rating, CVSS 10. While much of the internet has been affected by these vulnerabilities, Glacier is not affected.
Glacier is also working with our vendors and other third parties to ensure that their systems and software are updated and secure. We have received and applied updates for most of these components and have applied other mitigations to protect such systems where updates are not yet available.
For any questions, please contact us at support@glaciersecurity.com
The Glacier Team