14th December, 2021
A new security vulnerability impacting Java-based applications using the Apache Log4j library has made recent headlines, but MYOB remains unaffected.
On 10 December, a security vulnerability in a widely used open-source software library, Apache Log4j, was made public.
The vulnerability, known as Log4Shell, can lead to remote code execution without authentication.
As a result, the vulnerability has been rated 10 – maximum severity – on the Common Vulnerability Scoring System (CVSS) scale.
“MYOB is aware of this issue and has not been impacted,” said Peter Wolski, head of information and cyber security for MYOB.
“Since being alerted on Friday, we have worked to ensure appropriate steps have been taken to avoid any unauthorised access to data or computer resources made possible by this vulnerability.”
“We take such threats to our systems and our customers’ data very seriously,” he said.
As CSO reported, the vulnerability doesn’t affect ‘only Java-based applications and services that use the library directly’ but could also be used to attack other Java components including ‘Apache Struts2, Apache Solr, Apache Druid, Apache Flink, ElasticSearch, Apache Kafka and many others’.
If you believe you may be impacted by this issue, MYOB recommends following the guidance of the Australian Cyber Security Centre, including scanning and patching potentially impacted systems.