The Mind Supernova team has acted quickly to address the Log4Shell vulnerability (CVE-2021-44228), which may affect organizations that use vulnerable versions of the Log4j package. The vulnerability is a remote code execution issue in the Apache Log4j logging library and may affect Java applications.
During our security team’s review, no malicious or suspicious activity was found. Log4Shell has been identified as a critical vulnerability, and Mind Supernova will continue to respond with the highest priority. Based on the investigation conducted by our security team, we have scanned for and patched known vulnerabilities.
Application Platforms
We have completed our assessment and mitigation across our platforms. The current status of each platform is as follows.
- Mind Supernova Connect: The vulnerability is mitigated through appropriate security controls. No further actions are necessary.
- Mind Supernova Collect: Not affected
- Mind Supernova Data Annotation Platform: The vulnerability is mitigated through appropriate security controls. No further actions are necessary.
- Ampersand: Not affected
- Mind Supernova Mobile: Not affected
- GAP: The vulnerability is mitigated by disabling the service.
- Secure Workspace: Not affected
- A9: The vulnerability is mitigated through appropriate security controls. No further actions are necessary.
Internal Infrastructure
We have identified 27 systems in our infrastructure that had a vulnerable version of the Log4j package:
- Unified controller – Manages wireless access points
- 2 servers – Hypervisor and MS Endpoint Configuration Manager server
- 23 endpoints – End-user laptops
We have uninstalled the vulnerable Log4j package from all of these devices.
Mind Supernova public domains
The Mind Supernova global site and its subdomains were not affected by this Log4j vulnerability.
Ongoing monitoring
Mind Supernova is running continuous scans on all our systems and applications to monitor for this vulnerability.
Supply Chain monitoring
Additionally, we have been proactively reaching out to our third-party service providers (suppliers) to check how they are impacted by this vulnerability and what actions they have taken.
Please reach out to security@Mind Supernova.com for any questions.
FAQ
Q. Does Mind Supernova use or rely on products that are affected by Log4Shell / CVE-2021-44228?
Yes
Q. Do products or services that Mind Supernova provides to its clients require the use of or access to products affected by Log4Shell?
Yes
Q. Will this impact any products or services that Mind Supernova provides to its clients?
No
Q. To the extent applicable, will this impact clients' ability to access the Mind Supernova environment or products?
No
Q. Is there any evidence that the Log4Shell vulnerability has been exploited and that Mind Supernova's or its customers’ data has been accessed or exfiltrated?
No
Q. Has Mind Supernova experienced or detected any impact to or suspicious or malicious activity in connection with products affected by Log4Shell?
No
Q. What remediation actions has Mind Supernova taken or does Mind Supernova plan to take to address Log4Shell vulnerabilities?
All the vulnerable systems have been remediated by upgrading or uninstalling the affected Log4j version, or by changing the runtime properties in our environment. No malicious or suspicious activity has been found.
Q. When did Mind Supernova become aware of the Log4Shell vulnerability?
December 10, 2021
Q. How has Mind Supernova communicated the discovery and remediation of the Log4Shell vulnerability?
Through email and web post