How Phlexglobal has responded to Log4j vulnerability

Posted by Tom Underhill | Dec 17, 2021 7:11:59 PM

At Phlexglobal, as we are made aware of new potential security vulnerabilities we rapidly assess the risk and take appropriate action in line with our SOPs regarding vulnerability management.  

On December 9th 2021 a vulnerability in a Java based package log4j was made public and has since had widespread news coverage. This vulnerability allows an attacker to execute code on a remote server. Because of the widespread use of Java and Log4j, this is considered a serious and potentially impactful vulnerability. As such, Phlexglobal has rated this as a High risk and taken immediate action.

 

Phlexglobal’s core products, PhlexTMF and PhlexRIM are both protected by Cloudflare WAF, which provided an immediate response to the issue to protect customers. More details on this can be found at https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/ 


In addition, Phlexglobal has run a full perimeter scan using AppCheck security scanning platform. AppCheck provided targeted templates to scan for this vulnerability, more details can be found at https://appcheck-ng.com/apache-log4j-vulnerability-cve-2021-44228/. This scan did not find any vulnerabilities across the Phlexglobal network.

 

We are currently reviewing all our critical suppliers and assessing their responses to this situation and ensuring that these meet the standards that we demand. We are cross referencing against a public list of open vulnerabilities that we are following which can be found at https://github.com/NCSC-NL/log4shell/tree/main/software.  We also continue to rely on our internal tooling, including Darktrace and Azure Sentinel, to identify any suspicious network behaviour. 

 

Topics: TMF, RIM / IDMP

How Phlexglobal has responded to Log4j vulnerability

At Phlexglobal, as we are made aware of new potential security vulnerabilities we rapidly assess the risk and take ...

Read More

What Is the EMA DADI Project - and Why Is It Critical to IDMP, eCTD, RIM, and More?

If you are at all familiar with ISO IDMP (Identification of Medicinal Products), you are likely aware that this complex ...

Read More

How Are Decentralized (Virtual) Trials Improving Clinical Efficiency?

On June 24, 2021, I was honored to moderate a dynamic roundtable discussion with an outstanding group of industry ...

Read More

How to Close the “TMF Compliance Gap” with Advanced eTMF Archiving

Adapted from a Phlexglobal Innovation Tour webinar, “Crossing the TMF Compliance Gap with Inspection-Ready Access for ...

Read More

Overcoming TMF Artificial Intelligence Challenges

Adapted from a Phlexglobal Innovation Tour webinar, “Streamlining TMF Documentation through Clinical Automation,” held ...

Read More

How to Ensure Your Trial Master File's Audit Trail is Inspection-Ready

Regulatory agencies are increasingly looking at the TMF audit trail to gain greater insight into data integrity. We ...

Read More

Subscribe To Our Blog!

Digital Brain Header Large Brain Right

It's time to raise your standard 

CONTACT PHLEXGLOBAL TODAY
 
Contact Us