Between November and December 2021, a critical vulnerability was added to the publicly available list of Common Vulnerabilities and Exposures for Apache’s open-source Java-based logging library: Log4j2.
This library is commonly incorporated into Apache web servers as well as other Apache frameworks and services. The vulnerability is being widely exploited in the wild and it is strongly advised that organisations assess the impact of Log4j2 and undertake appropriate actions to safeguard against possible attacks as soon as possible.

The Vessel-Check technology stack does not employ the use of any Java-based technologies and therefore we expect little if any impact on Vessel-Check operational activities going forward.

As Vessel-Check is entirely an Azure Cloud-based service, Microsoft themselves, are actively investigating any possible vulnerabilities within its own infrastructure and further information on Microsoft’s plan of action can be found here: Microsoft’s Response to CVE-2021-44228 Apache Log4j 2