Dec 14, 2021 2 min read

Log4j Vulnerability: Mercans’ response to a critical RCE vulnerability in the widely used Log4j library.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. Investigation revealed that the exploit was trivial to perform. Because the Java library is so widely used, many IT systems and SaaS providers were suddenly at severe risk: by submitting a specially crafted request to a vulnerable system, an attacker can instruct that system to download and then execute a malicious payload.

According to reports, an attacker who gains access through the vulnerability can run malicious software capable of taking control of a company’s systems.

For context, Log4j is a common logging library used by companies such as Apple, Microsoft, and Google, as well as in enterprise products from Cisco, NetApp, Cloudflare, Amazon and others. Logging lets developers record and review an application’s activity.

Vendor statements on the issue

Google said it is “currently assessing the potential impact of the vulnerability for Google Cloud products and services. This is an ongoing event and we will continue to provide updates through our customer communications channels.”

NetApp stated that “the successful exploitation of this vulnerability could lead to the disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).”

Mercans vulnerability mitigation

Mercans does not use Log4j anywhere in its own codebase. Nevertheless, as a risk-mitigation measure, it has conducted a full analysis of its infrastructure to make sure that third-party tools using Log4j are not affected either. The analysis found no vulnerabilities, and the quality of the services provided has not been affected in any way.
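The kind of check a "full analysis of the infrastructure" for this issue rests on is an inventory of every log4j-core JAR deployed, including copies shipped inside third-party tools, together with each copy's version and whether the JNDI lookup class that the exploit abuses is still present. The script below is an added example written for this post, not Mercans' own tooling. It walks a directory tree, identifies log4j-core JARs by file name or by their package contents, reads the version from the file name or the manifest, and reports which copies still need an upgrade or the class-removal mitigation. The minimum fixed version is an input the caller takes from the Apache advisory; the threshold and the JAR files used in the demo are constructed placeholders, not real artifacts.

```python
"""Inventory log4j-core JARs under a directory tree and flag the ones needing action.

Added example (not Mercans' code). The version threshold and the sample
JARs built by demo() are constructed for illustration.
"""
import re
import shutil
import tempfile
import zipfile
from pathlib import Path

# Maven naming convention for the artifact: log4j-core-<version>.jar
JAR_NAME_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)+)\.jar$")
# Package prefix that identifies log4j-core even in a renamed or shaded jar.
CORE_PACKAGE = "org/apache/logging/log4j/core/"
# Class behind the JNDI lookup feature; removing it from the jar is the
# documented stop-gap mitigation when an upgrade is not immediately possible.
JNDI_LOOKUP_CLASS = CORE_PACKAGE + "lookup/JndiLookup.class"


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); tuple comparison gives numeric ordering."""
    return tuple(int(part) for part in text.split("."))


def jar_version(jar, names):
    """Version from the file name, else Implementation-Version in the manifest."""
    m = JAR_NAME_RE.match(jar.name)
    if m:
        return m.group(1)
    if "META-INF/MANIFEST.MF" in names:
        with zipfile.ZipFile(jar) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
        if m:
            return m.group(1)
    return None


def scan_tree(root, min_safe_version):
    """Return one finding per log4j-core jar found under root (list of dicts)."""
    root = Path(root)
    threshold = parse_version(min_safe_version)
    findings = []
    for jar in sorted(root.rglob("*.jar")):
        if not zipfile.is_zipfile(jar):
            continue
        with zipfile.ZipFile(jar) as zf:
            names = zf.namelist()
        if not (JAR_NAME_RE.match(jar.name) or any(n.startswith(CORE_PACKAGE) for n in names)):
            continue  # unrelated jar
        version = jar_version(jar, names)
        jndi_present = JNDI_LOOKUP_CLASS in names
        if version is None:
            status = "unknown_version"      # needs a manual look
        elif parse_version(version) >= threshold:
            status = "patched"
        elif jndi_present:
            status = "needs_action"         # old version, lookup class still there
        else:
            status = "mitigated_by_class_removal"
        findings.append({
            "path": jar.relative_to(root).as_posix(),
            "version": version,
            "jndi_lookup_present": jndi_present,
            "status": status,
        })
    return findings


def make_fake_jar(path, version, include_jndi_lookup, log4j_core=True):
    """Build a minimal stand-in for a jar (constructed test data, not a real artifact)."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if log4j_core:
            zf.writestr(CORE_PACKAGE + "Logger.class", b"")
            if include_jndi_lookup:
                zf.writestr(JNDI_LOOKUP_CLASS, b"")


def demo(min_safe_version="2.99.0"):
    """Scan a constructed tree: unpatched, class-removed, upgraded, renamed, unrelated jars.

    The threshold 2.99.0 is a placeholder; use the fixed version from the Apache advisory.
    """
    root = Path(tempfile.mkdtemp())
    try:
        make_fake_jar(root / "app1/lib/log4j-core-2.14.1.jar", "2.14.1", True)
        make_fake_jar(root / "app2/lib/log4j-core-2.14.1.jar", "2.14.1", False)
        make_fake_jar(root / "app3/lib/log4j-core-2.99.0.jar", "2.99.0", True)
        make_fake_jar(root / "vendor/tool/lib/vendor-logging.jar", "2.10.0", True)
        make_fake_jar(root / "misc/other-lib.jar", "1.0", False, log4j_core=False)
        return scan_tree(root, min_safe_version)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for finding in demo():
        print(f"{finding['status']:28} {finding['version'] or '?':8} {finding['path']}")
```

Matching on the package prefix rather than only the file name is what catches the third-party case the post mentions: vendors often rename or bundle the library, so a file-name search alone gives a false sense of completeness. A real run would also need to look inside WAR and EAR archives, which nest jars another level down.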

Mercans makes use of military-grade security to protect its data. Its systems meet international compliance requirements including GDPR, ISO 9001, SOC 1, SOC 2 and OWASP ASVS 3.0.

Mercans operates from a non-aggregator standpoint which ensures complete data privacy & security so that the quality of its services can always remain trustworthy, consistent, and reliable.
