Paradigm Products and Internal Resources are Not Exposed.

 
On December 9th, 2021, a zero-day cybersecurity vulnerability was discovered in a widely popular Java logging framework named Apache log4j version 2.x. This vulnerability was assigned the maximum possible severity score of 10.0, with a severity rating of “Critical” by the National Institute of Standards and Technology (NIST). This vulnerability has been assigned the name “Log4Shell.”

The Paradigm Cybersecurity team has investigated the potential exposure and impact to our customer-facing products and internal corporate resources.

Based on this investigation, we’ve determined that none of our products and/or internal resources are currently impacted or exposed by this vulnerability.

NIST Public Vulnerability Disclosure Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

CVE # Affected Contraindications Known Exploits CVE Rating Paradigm Impact Rating
Corp Product
CVE-2021-44228 Specially crafted strings parsed by log4j2 can allow for remote code execution within the rights of the logging application, allowing full control of the affected system and the capability to reach out and run arbitrary code.
Applications using log4j2 None Non-effective exploit scans were discovered by Paradigm Cybersecurity on 12/10/2021. The presence of such scans may indicate active threat exploitation actors. 10.0 None None

Attackers could exploit public endpoints within an impacted network to compromise machines and use to laterally move undetected within such a network. Attackers could inject data into affected applications that may be used later for exploitation. Paradigm customers are encouraged to evaluate their own usage of log4j impacted versions to determine their own levels of risk and potential exposure.

Advisory Author Title Date
Will McCardell Senior Database Administrator 2021-12-13
John August Otte Chief Information Security Officer 2021-12-13
DATE OF RELEASE: 2021-12-14
This Cybersecurity Threat Alert is provided as a courtesy to our customers and Paradigm assumes no liability for its accuracy, impact to customer products, or change in risk severity levels.