Haven Connect

View Original

Is Your Property Management Software Safe from Log4j? Haven Connect is

You may have heard about a serious new software vulnerability known as Apache Log4j 2, uncovered this past weekend, and published as CVE-2021-44228

Just how bad is the Log4j vulnerability? 

Very bad. In fact, it scores a “perfect” 10 of out 10 in The Common Vulnerability Scoring System, which means its severity is officially critical.

Last week, the company behind the popular video game Minecraft, published a blog post announcing the Java version of the game had a flaw that hackers could exploit to take over players’ computers. 

Shortly afterward, the cybersecurity community realized the vulnerability could potentially impact billions of devices and countless software applications. One cybersecurity expert, David Wolpoff, CTO of Randori, was quoted as saying, “The Internet’s on fire.”

What is Apache Log4j?

Apache Log4j is a part of the Apache Logging Project, and it’s used by many software developers to log errors and activity in their software, just like you log notes and activity in your applicant files.

Hackers can easily gain control

This vulnerability is particularly pernicious because it can impact nearly everything written in the Java programming language, as well as services that rely on software written in Java. Additionally, the Log4j flaw is easy to exploit, which means it does not require a lot of effort by hackers to take advantage of this vulnerability. As a result, cybersecurity researchers and security teams have been working around the clock to fix, or “patch”, the vulnerability in affected systems. 

It’s a race against the hackers right now, and will continue to be so for weeks to come.

Is your property management office safe?

Many popular property management systems were written in Java, or rely on services and software written in Java. So if you are using one of the larger vendors’ software chances are you are at risk. You should definitely reach out to your IT department or security team to find out what measures you should take to protect your business.

Haven Connect’s security team has performed a thorough review of our code and we are pleased to report that we do not use Log4j in any part of our code. We are continuing to monitor dependencies, secondary systems, and potentially impacted vendors. But at this time we do not have any reason to believe that Haven Connect is impacted by this vulnerability.

If you have any questions or concerns, please feel free to contact us and let us know.

Thank you!

The Haven Connect Team