NovelVox mitigation actions on Apache
Log4j vulnerability

On Thursday, December 9, the Apache Software Foundation disclosed a critical security vulnerability in a popular Java library called Log4j, a widely adopted library used in many commercial and open-source software products as a logging framework for Java. Since the vulnerability is affecting technology industries worldwide, it becomes essential to take immediate remedial actions. This article provides necessary information about the Apache Log4j vulnerability and preventive measures for the continued, trouble-free operation of NovelVox products and services.

About Log4j Vulnerability

Log4J vulnerability, officially known as CVE-2021-44228 (CVE is a unique number given to each vulnerability discovered across the world), results from the execution of an arbitrary external code added in the header field by an attacker as a specially crafted message. In simple words, the vulnerability could allow a hacker to take control of a system, which makes it even more severe.

The vulnerability is referred to as a Zero-day exploit because it was shared with everyone – the public, customers, vendors altogether at the same time on Twitter along with the software code(the exploit code).

NovelVox’s plan of action:

NovelVox is actively engaged in the remediation of Apache Log4j vulnerability. Our engineers are actively examining all of the NovelVox products against the vulnerability and applying the fix one by one on all our customer base. The support team has already started connecting with customers and partners to get the fix implemented. Customers can also reach out to our support team directly at support@novelvox.com to get the fix implemented in their environment.

Our customers are our top priority, and we are working hard to mitigate this risk as soon as possible for all our customers.