For best experience please turn on javascript and use a modern browser!
You are using a browser that is no longer supported by Microsoft. Please upgrade your browser. The site may not present itself correctly if you continue browsing.
Politics, Psychology, Law and Economics (PPLE) Politics, Psychology, Law and Economics (PPLE)

AUAS and UvA approach to global software vulnerability Apache Log4j

13 December 2021

Last Friday, it was announced that a vulnerability had been discovered in a piece of software that is widely used around the world. The vulnerability concerns the log functionality in Apache, a web server. This log functionality is used in various applications at the AUAS and the UvA, for example in software programmed in the Java language.

What is happening?

The National Cyber Security Centre has observed that malicious parties are actively abusing this vulnerability. The higher education sector has also seen attacks. To prevent the AUAS and the UvA from becoming the target of such attacks, the Computer Emergency Response Team (CERT) and the ICT Services department have been taking various measures since Friday.

Measures

The Apache Log4j supplier is working hard on a solution. In the meantime, CERT and ICT Services, in collaboration with IT colleagues in the faculties and service departments, are making a complete inventory of all AUAS and UvA systems and applications in order to determine where the vulnerability exists and how to deal with it where it does. The suppliers of AUAS and UvA systems and applications are also engaged with the situation. In addition, the security measures in our network have been tightened.

Impact

Our Security Operations Centre is actively monitoring our systems and network for possible abuses of the vulnerability. There is currently no reason to believe that any misuse has taken place. There is currently no impact on the continuity of education, research or operational management at the AUAS or the UvA.

SIS

As a preventive measure, SIS is temporarily only accessible to employees using VPN, even if they are working on campus. More information about using a VPN can be found at: VPN (Accessing the UvA network) - Executive Staff and SSU - University of Amsterdam

Students temporarily do not have access to SIS. If necessary, students can access their grades via the MijnUvA app. Course registration continues through the Planner.

More information

If you have additional questions, please contact the ICT Service desk.