This support forum is no longer in use. Please use the Cloudinary Community at https://community.cloudinary.com/ to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

Log4j Vulnerability - Response Required

Follow
Avatar
OriginEnergy Digital

Dear Cloudinary Support, 

As you are no doubt aware, there is currently a global ‘Log4j’ cyber vulnerability issue, with the potential to impact most organisations.

Remote actors (hackers) are using this security weakness to try to compromise systems and data.

Origin is taking this issue seriously and has already deployed controls to protect our internal systems and customer data. We’re also keen to understand the impact on the systems and data our service providers manage on our behalf.

As one of our service providers, we’d appreciate your response to the following questions, as soon as possible. 

  1. Is Origin data on your systems, or the services you provide to Origin, affected by this vulnerability?
  2. Is Origin data on any third-party systems or the suppliers you use affected by this vulnerability?
  3. If you answered yes to either question above, please provide a description of the remediation activities you intend to undertake and an estimated completion time.

Please email our Business Security team, BusinessSecurity@origin.com.au, with any queries, we’re here to help.

 

Kind regards,

Kim Coquia

 

 

Origin

m: 0421 551 507

e: kimberlyanne.coquia@origin.com.au

321 Exhibition St, Melbourne Vic 3000

w: www.origin.com.au

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Francis Tagbo

    Hi Kim,

    We fully understand your concern around this new, critical level, Log4j vulnerability. Especially as it was categorized as Critical with a CVSS score of 10 (the highest score possible). 

    Our security and operations teams immediately (Friday, Dec.10, 2021) reviewed all of our services and interfaces in order to map potential exposures.

    Our team managed to successfully validate that currently, we’re not aware of any potential exposure for this specific vulnerability. 

    In general, we believe in proactive security operations, meaning, we’ll keep evaluating the situation in order to verify we proactively mitigate potential related risks going forward.

    Best Regards,
    Francis

    0
    Comment actions Permalink

Post is closed for comments.