In this post, SCLogic will answer frequently asked questions about the Apache Log4j vulnerability as it pertains to Intra Enterprise/EDU.
What is Log4j?
Log4j is an open-source, Java-based logging tool from Apache that can perform network lookups using the Java Naming and Directory Interface (JNDI). Essentially, Log4j records user activity and behavior of the software application.
What is the Apache Log4j Vulnerability?
JNDI allows Log4j to interpret a log message as a URL, go and fetch it, and then execute any executable payload contained in the URL with the full privileges of the main program. In short, attackers can utilize the exploit to remotely execute malicious code simply by passing a URL through Log4j giving attackers the ability to steal data, install programs, or even take control of your computer. Apache is mitigating this vulnerability by updating the Log4j library, but vulnerable web services will need to apply that update. You can find more information from the Cybersecurity & Infrastructure Security Agency (CISA) here.
Is SCLogic’s Intra Enterprise/EDU Affected?
No, Intra is not affected by this vulnerability. Intra does not use Java, Apache, or Log4j, so there is no impact within Intra related to this vulnerability. As with any software program, it’s always best to keep up with the latest software updates.