What is FiNG’s exposure to Log4J?

Pscampbe · December 21, 2021

I hear that Log4J is a bad vulnerability but I can’t find anything that indicates ding’s exposure to it. Can someone point me to any docco that exists?

Marc · December 22, 2021

@Pscampbe, great question. @Dylan_From_Fing or @Robin_from_Fing, are you at liberty to disclose whether your site been certified as free from log4j Java logging heck or conversely upgraded to whatever version today is no longer vulnerable?

Robin_from_Fing · December 23, 2021

Pscampbe said:

I hear that Log4J is a bad vulnerability but I can’t find anything that indicates ding’s exposure to it. Can someone point me to any docco that exists?

At this point, we can share that we regularly check for vulnerabilities and correct them if found any. If user has found any vulnerability on Fing website then they can share with us and we act as priority.

Crowgrandfather · December 29, 2021

https://community.fing.com/discussion/comment/31787#Comment_31787

What about the actual FingBox itself? Is it running Log4J?

Robin_from_Fing · January 2, 2022

Fingbox itself is not based on Java and therefore it's not affected by the log4j vulnerability. Whole Fing infrastructure of consumer and business services, including device recognition, is not affected: although part of the backend is Java-based and makes use of the log4j library, the versions used and the related configurations are not affected by this critical vulnerability.

What is FiNG’s exposure to Log4J?

Answers

Categories