Paradigm Blog

Cybersecurity Threat Alert

Published: 12/14/2021

By: John Otte, Director of Cloud and Security, CISO

On December 9th, 2021, a zero-day cybersecurity vulnerability was discovered in a widely popular Java logging framework named Apache log4j version 2.x. This vulnerability was assigned the maximum possible severity score of 10.0, with a severity rating of “Critical” by the National Institute of Standards and Technology (NIST). This vulnerability has been assigned the name “Log4Shell.”

The Paradigm Cybersecurity team has investigated the potential exposure and impact to our customer-facing products and internal corporate resources.

Based on this investigation, we’ve determined that none of our products and/or internal resources are currently impacted or exposed by this vulnerability.

NIST Public Vulnerability Disclosure Link:

CVE # Affected Contraindications Known Exploits CVE Rating Paradigm Impact Rating
Corp Product
CVE-2021-44228 Specially crafted strings parsed by log4j2 can allow for remote code execution within the rights of the logging application, allowing full control of the affected system and the capability to reach out and run arbitrary code.
Applications using log4j2 None Non-effective exploit scans were discovered by Paradigm Cybersecurity on 12/10/2021. The presence of such scans may indicate active threat exploitation actors. 10.0 None None

Attackers could exploit public endpoints within an impacted network to compromise machines and use to laterally move undetected within such a network. Attackers could inject data into affected applications that may be used later for exploitation. Paradigm customers are encouraged to evaluate their own usage of log4j impacted versions to determine their own levels of risk and potential exposure.

Advisory Author Title Date
Will McCardell Senior Database Administrator 2021-12-13
John August Otte Chief Information Security Officer 2021-12-13
DATE OF RELEASE: 2021-12-14
This Cybersecurity Threat Alert is provided as a courtesy to our customers and Paradigm assumes no liability for its accuracy, impact to customer products, or change in risk severity levels.


Read More

Latest Blog Posts

Technology Upgrades for Window & Door Manufacturers

Navigating Technology Upgrades

In the realm of window and door manufacturing, staying ahead often involves

Paradigm Omni Quoting Software Integration with Threekit Visual Product Configurator Simplifies Window and Door Sales

Paradigm Announces Threekit Partnership

Paradigm's partnership with Threekit adds a 3D configuration for customers to create

Paradigm Omni Catalog Build Tools

New Paradigm Omni Catalog-Build Tools Get Products to Market Faster

More data automation, less copying and pasting with new catalog build-tools to