Centric is collaborating with customers and partners on identifying and addressing the recently discovered Apache Log4j vulnerability. Please find our latest information update down below.
Update Friday 24 December
The Apache Log4j vulnerability still has our highest priority. However, in the current situation there is no need to communicate on centric.eu on a regular basis. Customers who want to know more about their specific situation are asked to contact their usual contact person.
Update Tuesday 21 December
At this moment there is no new information to report. We are still working on the issue full force, and will report to you as soon as we have new information. Please visit the Customer Portal for more detailed information for your specific situation.
We would like to emphasize that this Apache Log4j vulnerability is likely to pose risks to the business continuity of a number of organizations in the coming period. For more information, please refer to Github, the Informatiebeveiligingsdienst (in Dutch) and the NCSC (also in Dutch).
Update Monday 20 December
So far, there are no indications that the Apache Log4j vulnerability has been exploited in any of our systems or services. We are in daily contact with the NCSC and IBD to discuss the latest developments.
We continue to scan our network perimeter based on new hashes we receive daily and analyze the reports for possible anomalies. This also applies to our internal testing to identify vulnerable Log4j installations. Please be aware that we are depending on our integration partners to come up with solutions. In case a patch is needed, we will update to the latest available version of Apache Log4j (2.17). The latest list of non-vulnerable applications can be found on the Customer Portal.
We keep urging our customers to contact their third-party suppliers and any other integration partners to ensure that the Apache Log4j vulnerability is addressed appropriately for applications and systems that are outside of our control.
This Apache Log4j vulnerability is likely to pose risks to the business continuity of a number of organizations in the coming period. For more information, please refer to Github, the Informatiebeveiligingsdienst (in Dutch), and the NCSC (also in Dutch).