Log4j / Log4Shell
Dear Sir or Madam,
In December 2021, a vulnerability in the widely used Java logging library Log4j became known, and the German Federal Office for Information Security (BSI) warns about it. The vulnerability is also known as "Log4Shell" and puts many servers and applications at risk, as unauthorised hackers could execute code in vulnerable systems from the outside.
Log4j or offshoots are not actively used in BvL products. Nevertheless, there are residual risks through software and hardware that BvL obtains from manufacturers/suppliers if these manufacturers/suppliers use the named Java framework in the operating system or in areas that are not visible to BvL. At present, we are not aware of any concretely affected products.
We are monitoring developments and are in close contact with our suppliers.
Should we identify affected products or receive information about affected products from our suppliers, we will inform you.
In accordance with the recommendations of the BSI, we advise you to implement appropriate IT security measures as soon as possible. In particular, security updates for your IT systems and IT products should be installed if they are available. It is also important to keep firewalls and virus protection up to date.
In your own interest, you should regularly inform yourself about this vulnerability and your IT security and seek an exchange with manufacturers about affected products and security measures.
You can find more information (in German) via the following links: