A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly on December 9, 2021.
Our security teams have now finished their first round of in-depth technical analysis. We are glad to report that the vulnerable utility is not part of any of our applications. Thus, we would like to reassure our clients that none of our services are impacted by the CVE-2021-44228.
Rainbow© services are secure and are continuing to be so.
As an ISO27001 compliant organization, ALE International and its Rainbow solutions execute a proactive cybersecurity strategy that puts into place rigorous teams and processes who continuously assess the risk of any raised CVE, and immediately mitigate its risk whenever relevant.
Thank you for your confidence in Rainbow.
Your Rainbow Security team