On Dec 9th, 2021, security researchers published a report of a high-risk "zero-day" vulnerability (CVE-2021-44228) affecting a common software package (Apache Log4j) that can allow remote code execution. Because Log4j is widely used across web applications and cloud service providers, the full scope of this vulnerability is complex and its impact is still being uncovered.
WattIQ does not currently use Java or the JVM in any of its products, and thus does not use Log4j at all.
We do host our cloud services on AWS and employ several third-party subprocessors/vendors as part of our production services, and thus we have been monitoring their efforts to assess, catalog, and mitigate their exposure. As of December 16, 2021, all of WattIQ's third-party subprocessors have either made public announcements that they have no exposure, or have assessed and mitigated their exposure by updating to non-vulnerable versions of Log4j.
We will continue to monitor the vendors who are engaged in mitigation for further announcements, since this CVE is severe.