Log4Shell vulnerability and Box

Follow

New post

Vince DiStefano

• December 14, 2021 14:52

Also looking for a response. In this day and age, this kind of information should be made front and center for customers, without them having to even ask. About 5% of our vendors are saying anything about it on their own.

0

• Official comment

  

  France

  • December 17, 2021 20:35
  • Edited

  Hi Everyone, 

  Welcome to the Box Community and thanks for posting!

  Please find Box's official statement regarding this issue on this blog post: https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228

  Many thanks for your patience and please let us know how else we can help.

  Comment actions Permalink
• 

  Ian Roberts

  • December 14, 2021 15:49

  Vince, I totally agree... Would be nice to know if Box can attest that they have implemented the "Apache released Log4j version 2.15.0 security update to address this vulnerability." https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance  

  0

  Comment actions Permalink
• 

  John Schulte

  • December 14, 2021 19:15

  I opened a Chat Session with Box Support, they say:

  We have completed our investigation around the impact of log4j on Box and have found no evidence that any log4j instance was successfully exploited.

  Our teams have worked throughout the weekend to review our systems and have made appropriate patches where needed. We have found no evidence that customer data or content has been impacted and will will provide more details soon.

   

   

   

  0

  Comment actions Permalink

Please sign in to leave a comment.