Log4Shell vulnerability and Box
Also looking for a response. In this day and age, this kind of information should be made front and center for customers, without them having to even ask. About 5% of our vendors are saying anything about it on their own.
-
Official comment
Hi Everyone,
Welcome to the Box Community and thanks for posting!
Please find Box's official statement regarding this issue on this blog post: https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228
Many thanks for your patience and please let us know how else we can help.
Comment actions -
Vince, I totally agree... Would be nice to know if Box can attest that they have implemented the "Apache released Log4j version 2.15.0 security update to address this vulnerability." https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
-
I opened a Chat Session with Box Support, they say:
We have completed our investigation around the impact of log4j on Box and have found no evidence that any log4j instance was successfully exploited.
Our teams have worked throughout the weekend to review our systems and have made appropriate patches where needed. We have found no evidence that customer data or content has been impacted and will will provide more details soon.
Please sign in to leave a comment.
Comments
3 comments