Log4j Vulnerability Statement
On December 9th, 2021, security researchers discovered a flaw in the code of a software library used for logging. The software library, Log4j, is built on a popular coding language, Java, that has widespread use in other software and applications used worldwide. This flaw in Log4j is estimated to be present in over 100 million instances globally.
As of Dec. 14, researchers discovered that the fix developed for CVE-2021-44228 was incomplete. Affected versions now include 2.15.0 and the vendor, Apache, recommends updating to 2.16.0 immediately. This is tracked in the NVD under CVE-2021-45046.
Interskill Learning has a plan of action in place for all vulnerabilities such as these as part of its standard security and business continuity procedures. As patches from hardware and software vendors are made available, we'll assess, test, coordinate and deploy accordingly across our environment. In the event customers are affected by these procedures, Interskill Learning will communicate to affected customers if actions that would impact their environments are required.
Interskill has completed a full assessment of all systems, and has confirmed that Log4j is not used in any areas of our infrastructure nor has it been affected by this vulnerability in any manner.