On December 9th, 2021, the security community became aware of active attempts to exploit a vulnerability in Apache Log4j 2. The vulnerability, also known as “Log4Shell”, is trivially easy to exploit and involves a malformed Java Naming and Directory Interface (JNDI) lookup. Log4j 2 is a common software component that is widely used across many systems globally.
We are pleased to announce we currently have no vulnerable versions of Log4j 2 on any of our platforms.
Comodo has components in the MDR platform which leverage the Java library. We immediately patched these components and also enabled web application firewall rules to further identify any active attempts to scan these systems and/or run arbitrary commands against them.
None of our other platforms (Dragon, Dragon Enterprise, Secure Internet Gateway, and Secure Email Gateway) were ever at risk from the vulnerability.
Product Management Team