Apache Log4j2 Issue (CVE-2021-44228)
Incident Report for Security Notifications
Resolved
Mambu has been actively managing and mitigating threats associated with the recently disclosed security issue Log4Shell (initially CVE-2021-44228 - Log4j2, and other related ones). We continue to actively monitor the situation and we will provide new updates and new posts as required.

At this moment we can confirm that all identified affected Mambu services were updated, related WAF rules have been deployed, traffic from anonymizer services such as TOR is blocked, and a dedicated external penetration test with only that particular library in scope has been conducted without any further findings.
Posted Jan 11, 2022 - 09:04 UTC
Update
Mambu continues to actively investigate and implement industry recommendations to mitigate threats associated with the recently disclosed security issue Log4Shell (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, Log4j2). We continue to closely monitor the situation and provide updates as needed.

If you require more information, please contact us via https://cloud.mambu.com/contact-support.
Posted Dec 23, 2021 - 14:33 UTC
Update
Mambu continues to actively investigate and implement industry recommendations to mitigate threats associated with the recently disclosed security issue Log4Shell (CVE-2021-44228 and CVE-2021-45046, Log4j2). We continue to closely monitor the situation and provide updates as needed.

If you require more information, please contact us via https://cloud.mambu.com/contact-support.
Posted Dec 17, 2021 - 14:23 UTC
Update
We continue to actively monitor the situation and provide updates as needed.
Posted Dec 14, 2021 - 13:40 UTC
Update
As part of mitigating the risks related to the recently announced Log4j vulnerability, we will be blocking access to Mambu services from known traffic anonymizer services such as the TOR network. Such services are, besides other legitimate use cases, often used by malicious actors to anonymously probe and exploit vulnerable websites, and are not considered applicable to the commercial use of Mambu services.

If you require more information, please contact us via https://cloud.mambu.com/contact-support.
Posted Dec 13, 2021 - 16:37 UTC
Monitoring
During the last 72 hours Mambu has been actively investigating and implementing industry recommendations to mitigate threats associated with the recently disclosed security issue Log4Shell (CVE-2021-44228 - Log4j2). We continue to actively monitor the situation and provide updates as needed.

If you require more information, please contact us via https://cloud.mambu.com/contact-support.
Posted Dec 13, 2021 - 13:01 UTC
Investigating
Like all other technology companies, Mambu is investigating and actively monitoring any impact on its systems as a result of the recently disclosed security issue Log4Shell (CVE-2021-44228 - Log4j2), as well as implementing further precautions.

If you require more information, please contact us via https://cloud.mambu.com/contact-support.
Posted Dec 11, 2021 - 14:44 UTC