Log4J Vulnerability Announcement
Sep 23, 2024

Log4J Vulnerability Announcement

UPDATE: 16/12/2021 1030hrs

Cryoserver is also not vulnerable to the https://nvd.nist.gov/vuln/detail/CVE-2021-45046 variant - as we are not using the affected version of Log4J.

UPDATE: 14/12/2021 1630hrs

Following our previous announcement, we are pleased to confirm that no version of Cryoserver is vulnerable to CVE-2021-44228

Our initial examination of Cryoserver versions <v9.5.0 led us to believe that there existed a back-end vulnerability that could potentially be exploited.  We have now confirmed that this is not the case.

Cryoserver customers pre-version 9.5 should nevertheless schedule an upgrade at some point in the future as good practice.

13/12/2021 1400hrs

On Friday 10th December, Apache announced a critical vulnerability within the LOG4J logging library for Java, called Log4Shell or LogJam.

At 10/10 severity, this is comfortably one of the most serious IT vulnerabilities to have been discovered in recent memory, as Log4J is often installed on both Linux and Windows systems either directly, or often as a requirement of another package or system.

Log4J is included on servers built by Cryoserver.

All our Cloud services
Are not vulnerable to CVE-2021-44228

On-premises versions of Cryoserver on or above v.9.5.0
v9.5.0 released in January 2021 are not vulnerable to CVE-2021-44228

Versions prior to v9.5.0 are partially vulnerable, as described below.

CVE-2021-44228 Attack Vectors:

Please see:

https://www.lunasec.io/docs/blog/log4j-zero-day/

Web Site Attack Vector

The attacker uses the public website to initiate the attack.

No versions of Cryoservers' are vulnerable to this attack vector.

Back-End Attack Vector

The administrator of Cryoserver has set up an outbound connection to an LDAP server that is under the control of an attacker.

The attacker manipulates the remote LDAP server to initiate the attack.

Cryoserver v9.5.0 and above is not vulnerable to this attack vector.

As a next step, please email help@cryoserver.com if you have any concerns and/or wish to upgrade to our current 9.6 release.

Read
More

Britain’s Top 10 Cloud Vendor Award at the Reseller Choice Awards 2019
Sep 23, 2024

Britain’s Top 10 Cloud Vendor Award at the Reseller Choice Awards 2019

We are delighted to announce that Cryoserver has won Britain’s Top 10 Cloud Vendor Award at…
How To Add a Signature In Outlook
Sep 23, 2024

How To Add a Signature In Outlook

If you want your emails to look professional, here’s how to add an Outlook signature quickly and…
How Quickly Will You Recover From a Cyber Attack?
Sep 23, 2024

How Quickly Will You Recover From a Cyber Attack?

Emails are the lifeblood of business processes. It is the main communication between an enterprise…
Cryoserver Partners with DDS Informatica in Andorra
Sep 23, 2024

Cryoserver Partners with DDS Informatica in Andorra

Cryoserver (UK) – Manufactures and supports “Advanced enterprise Email Archiving Software”DDS…
5 Common Misconceptions About Email Archiving
Sep 23, 2024

5 Common Misconceptions About Email Archiving

Email archiving can often be misunderstood. To some, it may seem like a good idea but they’re…
Cloud email archiving: why now’s a good time for it
Sep 23, 2024

Cloud email archiving: why now’s a good time for it

Increasingly, Cryoserver on-premises customers are switching to our cloud solution. There are many…