Cybersecurity Vulnerability with Apache Log4j

If your email program has trouble displaying this email, view as a webpage.

FDA - Center for Devices and Radiological Health

Bookmark and Share

Cybersecurity Vulnerability with Apache Log4j

Read More

The U.S. Food and Drug Administration (FDA) is raising awareness of a cybersecurity vulnerability in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1. Log4j is broadly used in a variety of consumer and enterprise services, websites, and applications—as well as medical devices and supporting systems—to log security and performance information.

These vulnerabilities may introduce risks for certain medical devices where the device could be made unavailable, or an unauthorized user could remotely impact the device functionality. At this time, the FDA is not aware of any confirmed adverse events affecting medical devices related to these vulnerabilities.

Questions?

If you have questions about this cybersecurity vulnerability, contact Apache (Log4j Security Team) or cybermed@fda.hhs.gov.