How Phlexglobal has responded to Log4j vulnerability

Posted by Tom Underhill | Dec 17, 2021 7:11:59 PM

At Phlexglobal, as we are made aware of new potential security vulnerabilities we rapidly assess the risk and take appropriate action in line with our SOPs regarding vulnerability management.  

On December 9th 2021 a vulnerability in a Java based package log4j was made public and has since had widespread news coverage. This vulnerability allows an attacker to execute code on a remote server. Because of the widespread use of Java and Log4j, this is considered a serious and potentially impactful vulnerability. As such, Phlexglobal has rated this as a High risk and taken immediate action.

 

Phlexglobal’s core products, PhlexTMF and PhlexRIM are both protected by Cloudflare WAF, which provided an immediate response to the issue to protect customers. More details on this can be found at https://blog.cloudflare.com/how-cloudflare-security-responded-to-log4j2-vulnerability/ 


In addition, Phlexglobal has run a full perimeter scan using AppCheck security scanning platform. AppCheck provided targeted templates to scan for this vulnerability, more details can be found at https://appcheck-ng.com/apache-log4j-vulnerability-cve-2021-44228/. This scan did not find any vulnerabilities across the Phlexglobal network.

 

We are currently reviewing all our critical suppliers and assessing their responses to this situation and ensuring that these meet the standards that we demand. We are cross referencing against a public list of open vulnerabilities that we are following which can be found at https://github.com/NCSC-NL/log4shell/tree/main/software.  We also continue to rely on our internal tooling, including Darktrace and Azure Sentinel, to identify any suspicious network behaviour. 

 

This blog is intended to communicate PharmaLex's capabilities which are backed by the author’s expertise. However, PharmaLex and its parent, Cencora, Inc., strongly encourage readers to review the references provided with this blog and all available information related to the topics mentioned herein and to rely on their own experience and expertise in making decisions related thereto as the blog may contain certain marketing statements and does not constitute legal advice.

Topics: TMF, RIM / IDMP

Smart Steps to Managing Your TMF Audit Trail

The term audit trail can be daunting for companies, but this is a regulatory requirement. Simply put, when it comes to ...

Read More

Lowering the TMF temperature through quality reviews

We are thrilled to announce Season 2 of our exciting webinar program, Summer Shorts: TMF Excellence Edition! Avoid ...

Read More

Five-step Game Plan for a TMF Close-out

Close-out of a clinical trial raises many questions about responsibility and management of the trial master file (TMF). ...

Read More

Staying on Top of the Trial Master File

As regulatory agencies increasingly focus on the processes and workflows behind the Trial Master File (TMF), not just ...

Read More

How AI Can Support the Trial Master File

Full adoption of artificial intelligence might be some way off, but industry is starting to embrace the opportunities ...

Read More

Subscribe To Our Blog!


Digital Brain Header Large Brain Right

It's time to raise your standard 

CONTACT PHLEXGLOBAL TODAY
 
Contact Us