EnergyCAP Response to Zero Day Vulnerability for Apache Log4j
Posted by Joel Brickell on 15 December 2021 11:48 AM

Dear Friends,

On December 9, 2021, Apache published a zero-day vulnerability for Apache Log4j (CVE-2021-44228). This vulnerability, known as ‘Log4Shell’, was classified as a critical vulnerability with a CVSS score of 10 out of 10. When exploited, an attacker could gain control of compromised systems using Remote Code Execution.


EnergyCAP is committed to providing secure software and services to meet the needs of our customers. After an internal investigation by the EnergyCAP security team, we have determined that the EnergyCAP application and its dependencies are not vulnerable to CVE-2021-44228. This includes hosted solutions as well as on-premise installations of EnergyCAP. Additionally, we have verified that our next-generation firewalls and endpoint protection have been updated to ensure the detection of CVE-2021-44228 on our networks. 


Our security team will continue to monitor and assess future vulnerabilities and variants and will provide updates as necessary.  


Questions can be directed to Adam Hegedus, Chief Security Officer at EnergyCAP.