Security Update for Log4Shell Vulnerability
Luxembourg, December 15, 2021
A serious vulnerability in Apache Log4j, a widely used logging package for Java, has been identified as CVE-2021-44228 and given the name Log4Shell. This vulnerability represented a major security risk and required immediate mitigation.
Wordbee does not use this vulnerable component in our code base. However, we do use the “Elasticsearch” system, https://www.elastic.co/, which uses Log4j. On Monday, December 13, 2021, Elasticsearch released a statement and instructions on how to mitigate this vulnerability.
On Monday, December 13, 2021, at 7:00 pm CET, Wordbee successfully applied the recommended fixes to our Switzerland data center, and on Tuesday, December 14th, at 9:00 pm, to all other data centers.
We would like to add that, according to Elasticsearch, the version we use presented a limited attack surface. Successful attacks would have required prior authentication as a Wordbee Translator user. This immediately excluded a discovery of the vulnerability by botnets.
Update: December 16, 2021
An additional vulnerability (CVE-2021-45046) was discovered by Elasticsearch after it was found that the fix to address the original vulnerability was incomplete in certain non-default configurations. Our guidance for Elasticsearch updates is unchanged, and Wordbee is not affected by the newly identified vulnerability. The mitigation procedures applied to all our data centers on December 13 and 14, 2021, are still valid and mitigate the risks of both CVE-2021-44228 and the new CVE-2021-45046.
Established in 2008, Wordbee is a Luxembourg-based Translation Technology company that develops Wordbee Translator, a collaborative translation editor (CAT) and project management solution, as well as Wordbee Beebox, a content connector that interfaces with the most popular CMS software on the market. Wordbee helps enterprises, language service providers, and public institutions to implement high-performance translation management technologies.
Using Wordbee’s technology improves the time-to-market of products and services while still enhancing the quality of translations at a lower cost.
For more information, please contact us at email@example.com.