ProShip is sharing important customer information for the Log4j2/Log4Shell Remote Code Execution (RCE) vulnerability.
ProShip is aware of the Log4j2/Log4Shell Remote Code Execution (RCE) vulnerability and its CVSS 10 severity score. To help our customers evaluate their own risk to this vulnerability, we are putting out the following statement:
ProShip Software Suite
ProShip does not use any Java technologies in the ProShip Software Suite. Specifically, we do not use Log4j2 or and are not susceptible to the Log4Shell attack.
ProShip’s Network
ProShip has conducted an audit of externally accessible resources and confirmed that we are not using Log4j2 on any servers. We continue to review resources that are only accessible internally within ProShip to verify there is no risk to the vulnerability.
ProShip’s Partners
To finalize this process, ProShip is reaching out to all of our critical partners to ensure that they are not affected by this issue. If any partners are affected, ProShip will work with them to ensure no data breaches have occurred.
Please reach out to your Customer Support Specialist (CSS) with any questions.
Additional Resources
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation (Cybersecurity & Infrastructure Security Agency)
Log4j RCE activity began on December 1 as botnets start using vulnerability (ZDNet)
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet (Ars Technica)