Dec 14, 2021 2 min read

Log4j Vulnerability: Mercans’ response to a critical RCE vulnerability in the widely used Log4j library.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. Investigation revealed that this exploitation was incredibly easy to perform. Because this popular Java library is so broadly used, many IT systems and SaaS providers were at severe risk. By submitting a specially crafted request to a vulnerable system, an attacker is able to instruct that system to download and subsequently execute a malicious payload.

According to reports, with the access gained from the vulnerability, hackers could potentially exploit the application by running malicious software that could take control of a company’s system.

For context, Log4j is a common logging library used by companies such as Apple, Microsoft, and Google, as well as in enterprise applications from Cisco, NetApp, Cloudflare, Amazon and others. Logging lets developers see all the activity of an application.

Company statements on the issue

Google said it is “currently assessing the potential impact of the vulnerability for Google Cloud products and services. This is an ongoing event and we will continue to provide updates through our customer communications channels.”

NetApp stated that “the successful exploitation of this vulnerability could lead to the disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).”

Mercans vulnerability mitigation

Mercans does not use Log4j in its entire codebase. However, as a risk-mitigation measure it has conducted a full analysis of its infrastructure to make sure that even third-party tools that use Log4j are not affected. The analysis found no vulnerabilities, and the quality of the services provided has not been affected in any way.

Mercans makes use of military-grade security to protect its data. Its systems meet international compliance requirements including GDPR, ISO 9001, SOC 1, SOC 2, and OWASP ASVS 3.0.

Mercans operates from a non-aggregator standpoint which ensures complete data privacy & security so that the quality of its services can always remain trustworthy, consistent, and reliable.
