|
Cybersecurity Vulnerability with Apache Log4j
The U.S. Food and Drug Administration (FDA) is raising awareness of a cybersecurity vulnerability in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1. Log4j is broadly used in a variety of consumer and enterprise services, websites, and applications—as well as medical devices and supporting systems—to log security and performance information.
These vulnerabilities may introduce risks for certain medical devices where the device could be made unavailable, or an unauthorized user could remotely impact the device functionality. At this time, the FDA is not aware of any confirmed adverse events affecting medical devices related to these vulnerabilities.
Questions?
If you have questions about this cybersecurity vulnerability, contact Apache (Log4j Security Team) or cybermed@fda.hhs.gov.
|
