How Phlexglobal has responded to Log4j vulnerability

Posted by Tom Underhill | Dec 17, 2021 7:11:59 PM

At Phlexglobal, as we are made aware of new potential security vulnerabilities we rapidly assess the risk and take appropriate action in line with our SOPs regarding vulnerability management.  

On December 9th 2021 a vulnerability in a Java based package log4j was made public and has since had widespread news coverage. This vulnerability allows an attacker to execute code on a remote server. Because of the widespread use of Java and Log4j, this is considered a serious and potentially impactful vulnerability. As such, Phlexglobal has rated this as a High risk and taken immediate action.

 

Phlexglobal’s core products, PhlexTMF and PhlexRIM are both protected by Cloudflare WAF, which provided an immediate response to the issue to protect customers. More details on this can be found at https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/ 


In addition, Phlexglobal has run a full perimeter scan using AppCheck security scanning platform. AppCheck provided targeted templates to scan for this vulnerability, more details can be found at https://appcheck-ng.com/apache-log4j-vulnerability-cve-2021-44228/. This scan did not find any vulnerabilities across the Phlexglobal network.

 

We are currently reviewing all our critical suppliers and assessing their responses to this situation and ensuring that these meet the standards that we demand. We are cross referencing against a public list of open vulnerabilities that we are following which can be found at https://github.com/NCSC-NL/log4shell/tree/main/software.  We also continue to rely on our internal tooling, including Darktrace and Azure Sentinel, to identify any suspicious network behaviour. 

 

Topics: TMF, RIM / IDMP

Staying on Top of the Trial Master File

As regulatory agencies increasingly focus on the processes and workflows behind the Trial Master File (TMF), not just ...

Read More

How AI Can Support the Trial Master File

Full adoption of artificial intelligence might be some way off, but industry is starting to embrace the opportunities ...

Read More

A Blueprint for Genuine Partnership in TMF Improvement

The Trial Master File (TMF) has evolved from a repository of documents at the end of a study to an integral cog in the ...

Read More

Rewind the clock and take TMF back to basics

Rewind the clock and take TMF back to basics: The paradigm of maintaining simplicity while embracing technology. In 20 ...

Read More

How to Reduce Risk and Effort When Migrating a Trial Master File

Migrating Trial Master File (TMF) data is a fairly common occurrence, usually driven by one or more of the following ...

Read More

Consistency: The Secret to Improving Quality and Efficiency in TMF Document Processing

Based on extensive work helping trial sponsors and Contract Research Organizations (CROs) implement Trial Master File ...

Read More

Subscribe To Our Blog!


Digital Brain Header Large Brain Right

It's time to raise your standard 

CONTACT PHLEXGLOBAL TODAY
 
Contact Us