Log4Shell – FirstWare IDM-Portal not affected
The NCSC is highlighting a critical vulnerability in Apache Log4j. The major vulnerability, named Log4Shell, was discovered on December 10, 2021 in the Java library Log4j developed by the Apache Software Foundation.
The FirstWare IDM-Portal of FirstAttribute is not affected by this.
FirstAttribute software solutions
FirstAttribute customers are not at risk from this security issue.
Here is an overview of the most important facts:
- FirstAttribute’s software and services do not use Log4j.
- The development is not done in Java.
- Web applications developed by FirstAttribute do not use Apache web server technology for deployment.
Our software and services are not affected::
- FirstWare IDM-Portal
- FirstWare DynamicGroup
- FirstWare AD-Inspector
- my-IAM PeopleConnect
- my-IAM TeamSpace
- my-IAM DynamicSync
It is not necessary to update the existing installations. However, we generally recommend using the latest version and performing regular updates. To download the latest versions or make an appointment with our specialists, see links above.
Note: An update for Log4j is available
A patch was hastily released by the Apache Foundation over the weekend, but it needs to be installed by server owners. Some affected companies, such as Mojang, the publisher of Minecraft, have also posted several warnings on their respective websites, asking all server owners to apply the proposed update as soon as possible.
Enhanced security with FirstWare IDM-Portal
FirstWare IDM-Portal focuses primarily on the security of your identity and enterprise data.
With the help of controlled user and authorization management (incl. automation and approval workflows), security measures such as SSO, MFA or RBAC as well as detailed auditing, the IDM-Portal increases the security of your company. The most important goals are to ensure precisely fitting access rights, to automate routine tasks and to strengthen the adherence to legal regulations (= avoid compliance violations).
For the FirstAttribute AG team, the security of your data is a high priority topic. We continuously monitor and improve our software and services to ensure that our customers can handle their data securely.
If you have any questions about the Log4Shell attack or would like to verify the security of FirstWare IDM-Portal, please feel free to contact us.