How Phlexglobal has responded to Log4j vulnerability

Posted by Tom Underhill | Dec 17, 2021 7:11:59 PM

At Phlexglobal, as we are made aware of new potential security vulnerabilities we rapidly assess the risk and take appropriate action in line with our SOPs regarding vulnerability management.  

On December 9th 2021 a vulnerability in a Java based package log4j was made public and has since had widespread news coverage. This vulnerability allows an attacker to execute code on a remote server. Because of the widespread use of Java and Log4j, this is considered a serious and potentially impactful vulnerability. As such, Phlexglobal has rated this as a High risk and taken immediate action.

 

Phlexglobal’s core products, PhlexTMF and PhlexRIM are both protected by Cloudflare WAF, which provided an immediate response to the issue to protect customers. More details on this can be found at https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/ 


In addition, Phlexglobal has run a full perimeter scan using AppCheck security scanning platform. AppCheck provided targeted templates to scan for this vulnerability, more details can be found at https://appcheck-ng.com/apache-log4j-vulnerability-cve-2021-44228/. This scan did not find any vulnerabilities across the Phlexglobal network.

 

We are currently reviewing all our critical suppliers and assessing their responses to this situation and ensuring that these meet the standards that we demand. We are cross referencing against a public list of open vulnerabilities that we are following which can be found at https://github.com/NCSC-NL/log4shell/tree/main/software.  We also continue to rely on our internal tooling, including Darktrace and Azure Sentinel, to identify any suspicious network behaviour. 

 

Topics: TMF, RIM / IDMP

Sponsors Gear Up For a Smoother Process With CTIS but Must First Overcome Key Hurdles

Read the latest blog from our Pharmalex colleagues, Milena Shuytsova-Mircheva and Lisa Pascoe, who discuss the benefit ...

Read More

Decision Criteria for the Next Generation of Regulatory Information Management (RIM) Systems

Adapted from a Phlexglobal webinar, “The Next Phase of Intelligent Regulatory Process Automation,” held April 20, 2022 ...

Read More

The Future of the TMF Reference Model

Adapted from a Phlexglobal Ask An Expert interactive discussion, “TMF Reference Model Q&A,” held April 6, 2022 and ...

Read More

How Quality Review and Heatmaps Can Reduce Remediation Time, Cost, and Effort for an Acquired Trial Master File

Adapted from a Phlexglobal Ask An Expert interactive discussion, “How to Ensure TMF Inspection Readiness & ...

Read More

Congratulations! You Just Acquired a Trial Master File. Now What?

Adapted from a Phlexglobal Ask An Expert interactive discussion, “How to Ensure TMF Inspection Readiness & ...

Read More

Why Is the Trial Master File Critical in M&A activities?

Adapted from a Phlexglobal Ask An Expert seminar, “How to Ensure TMF Inspection Readiness & Compliance for a ...

Read More

Subscribe To Our Blog!

Digital Brain Header Large Brain Right

It's time to raise your standard 

CONTACT PHLEXGLOBAL TODAY
 
Contact Us