Cascade Asset Management has recently conducted a review of our IT applications and determined it is not affected by the vulnerability known as Log4J. In addition, Cascade maintains continuous penetration testing by a contracted third-party security firm.  No patching was required due to the absence of affected software systems.  

The Java software library “log4j” features a significant technical vulnerability and is therefore a potential gateway for cyber-attacks. The focus is on applications that can be accessed from the Internet and that use the log4j library (CVE-2021-44228). Log4j is included with almost all the enterprise products released by the Apache Software Foundation, such as Apache Struts, Apache Flink, Apache Druid, Apache Flume, Apache Solr, Apache Flink, Apache Kafka, Apache Dubbo. In addition, other open-source projects like Redis, ElasticSearch, Elastic Logstash, the NSA’s Ghidra, and others also use it in some capacity or other. The severity of this vulnerability has been classified as Critical and could result in malicious code execution and server compromise.  Monitoring Log4J status is available at the National Institute of Standards and Technology (NIST) site: https://nvd.nist.gov/vuln/detail/CVE-2021-44228.   

For further information, please contact Cascade at info@cascade-assets.com