As you might have gathered from news and other contacts in the past couple of days, there is a serious vulnerability found in a widely used component in software, named log4j. This is a so-called Java library - with a potentially broad impact across the internet. Prowise is not vulnerable to the log4j security problem.
We became aware of the issue last friday. Both through an internal report and a little later through the Cyber Resilience Center Brainport.
We took action
After receiving the reports we immediately took action and assessed our internal tools and software used, as well as software and networks managed on behalf of our customers. While our general use of Java is limited, and not all issues were found to be exploitable, we updated all commercial and open source products that were affected in order to solve the issue.
Not vulnerable
We have now completed the investigation with respect to log4j and concluded that Prowise is not vulnerable to the log4j security problem anymore. None of our applications or tools use versions of the vulnerable software.
We stay alert
We will continue to monitor the case closely and keep you informed of relevant developments. If you wish to share security concerns in the future with Prowise you may use security@prowise.com. Let us know if you have any further questions.
Update 03-01-2022:
We have kept ourselves up-to-date with the latest information on the ongoing incidents and have addressed issues that affected Prowise as they became known. Currently Prowise is not known to be vulnerable to these new issues found.
