UTServicesLISACyber safetyNewsUpdate on worldwide software issue Log4j

Update on worldwide software issue Log4j

This weekend, it became clear that a widely used digital tool, Log4j, contains serious vulnerabilities. Log4j is used worldwide in various applications. Not in all cases is it visible to the user that it is being used. The University of Twente also uses some applications that make use of Log4j.

Since the vulnerability became known, colleagues of the LISA service department have been taking measures to counteract this vulnerability. They are doing so both for applications under their own management and for third-party applications used by the UT.

What you notice as a user

The vulnerability requires various applications to be updated. Suppliers are also updating their software to prevent further misuse. This could mean that various applications will not be available for a short period of time in the near future. For example, Proactis, the application for approving invoices, has been temporarily offline earlier today, because the supplier has been working on a solution. The application is now online again.

Extent of the problem

The Log4j vulnerability is a worldwide problem. We are currently investigating tracks to determine whether the vulnerability has been exploited in relation to our systems. We are in close contact with relevant parties such as SURF-CERT, other universities and the National Cyber Security Centre (NCSC) in order to be informed as best we can about possibilities to counteract vulnerabilities.