Spica Technologies Statement: Platform not affected by “Log4Shell”

December 14, 2021
Gemma Worgan

You may have recently seen in the news information relating to a potentially very serious security vulnerability that will likely affect a broad range of cloud-based SaaS offerings and services. The exploit was disclosed on December 9th, and could potentially allow an attacker to execute code on a remote server. The vulnerability was found within a popular Java-based logging package known as Log4j. Given the widespread use of Java in cloud-based systems, and the widespread use of Log4j as a logging framework, the vulnerability is considered one of the most serious in recent times.

You can read more about the exploit and its potential impacts here: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/

Spica Status

As soon as Spica became aware of the vulnerability, we took steps to protect our platform and most importantly our customer data. 

To be clear, we do not believe that Spica’s GemEx platform or the Luna app were vulnerable to this exploit at any point in time.

Nevertheless, we took steps to protect ourselves and conduct an investigation:

  • On the 10th December Spica’s hosting partner, Amazon Web Services (AWS), released an  update to their Web Application Firewall (WAF) which is used to safeguard all of Spica’s cloud resources. The update added new rules to the firewall to prevent requests that contain the commonly used Log4j headers from reaching GemEx instances, and Spica’s WAF infrastructure was updated automatically.
  • Spica has conducted a review of all cloud application source code, verifying that none of the affected Log4j libraries are being used in any of our products.
  • We have passed on information relating to the vulnerability to our IOT vendors and have asked them to confirm whether they are affected.

To reiterate, Spica is not directly affected by the CVE-2021-44228 exploit and we will continue to gather information from our suppliers to determine whether they have been affected. We strongly encourage customers who manage environments containing Log4j to check to see if they are affected and take the necessary action.

How to launch your employee app

How to launch your employee app

And make it stick the landing! Let's make some assumptions. You've chosen your employee app, it fits your budget and tech stack and now you're thinking how do I get our teams to use it. I'm also going to take a leap of faith here and say you know what an employee app...

read more
A Year in Review

A Year in Review

As we bid farewell to another remarkable year, it's time to reflect on Spica's journey through 2023 – a year filled with groundbreaking achievements, and a relentless pursuit of innovation. From redefining our workplace experience app to expanding our global...

read more

Download

Better Building Management: IoT and Environmental Quality Whitepaper

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Portfolio Analytics Data Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Spica Workplace Fact Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Booking Services Data Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download


Better Spica-Worktech WEX App SurveyReport

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!