Since public disclosure of the Apache Log4j Zero Day Vulnerability CVE-2021-44228 nicknamed “Log4Shell” on Friday December 10, 2021, GlobalSign security and infrastructure teams have been working around the clock to ensure our environment is not affected.
We have investigated all our infrastructure and services and have patched or isolated those utilizing vulnerable versions of the log4j library. For those services that did utilize a vulnerable version, we have conducted a detailed investigation of supporting logs and have not discovered any evidence that would demonstrate these services have been compromised. We did observe attacks aimed at exploiting this vulnerability over the last few days; however, all were unsuccessful and occurred after we patched the relevant services.
Should there be any updates we will provide them as appropriate, but right now we believe our environment is adequately protected against this vulnerability.
Should you have any further questions, please contact our Support team.
Please refer to this white paper for a description of the overall measures GlobalSign is taking to protect its environment.