Log4j Vulnerability - Response Required
Dear Cloudinary Support,
As you are no doubt aware, there is currently a global ‘Log4j’ cyber vulnerability issue, with the potential to impact most organisations.
Remote actors (hackers) are using this security weakness to try to compromise systems and data.
Origin is taking this issue seriously and has already deployed controls to protect our internal systems and customer data. We’re also keen to understand the impact on the systems and data our service providers manage on our behalf.
As one of our service providers, we’d appreciate your response to the following questions, as soon as possible.
- Is Origin data on your systems, or the services you provide to Origin, affected by this vulnerability?
- Is Origin data on any third-party systems or the suppliers you use affected by this vulnerability?
- If you answered yes to either question above, please provide a description of the remediation activities you intend to undertake and an estimated completion time.
Please email our Business Security team, BusinessSecurity@origin.com.au, with any queries, we’re here to help.
Kind regards,
Kim Coquia
Origin
m: 0421 551 507
e: kimberlyanne.coquia@origin.com.au
321 Exhibition St, Melbourne Vic 3000
-
Hi Kim,
We fully understand your concern around this new, critical level, Log4j vulnerability. Especially as it was categorized as Critical with a CVSS score of 10 (the highest score possible).
Our security and operations teams immediately (Friday, Dec.10, 2021) reviewed all of our services and interfaces in order to map potential exposures.
Our team managed to successfully validate that currently, we’re not aware of any potential exposure for this specific vulnerability.
In general, we believe in proactive security operations, meaning, we’ll keep evaluating the situation in order to verify we proactively mitigate potential related risks going forward.
Best Regards,
Francis0
Post is closed for comments.
Comments
1 comment