Past Incidents

Currently we are facing issues with the SysEleven Stack API. Authentication requests may be rejected wrongly. We are working on a solution and keep you informed. The outage only affects spawning new virtual machines or changing existing resources.

We apologise for any inconveniences.

Metakube API is failing for the FES region. No clusters can be created or managed currently.

Update (17:45): A change could not propagate to the FES infrastructure for Metakube because of a race condition. We were able to manually fix the problem. All systems are operational again.

Affected Systems: Customer Applications

Incident Start: 10.12.2021 17:00

Incident End: 13.12.2021 11:00

Description:

On 10/12/2021 a security alert was published, which can be found at CVE-2021-44228.

The risk is that a Remote Code Execution (RCE) Format String Lookup Vulnerability can be exploited when using Apache Log4j2 in a version >=2.0 and <2.15.

We have contacted all customers individually who, to our knowledge, are urgently affected by the vulnerability. We also cannot exclude the possibility that a corresponding version is running in your user context due to your own deployment and cannot be identified by us.

**We therefore ask every customer to check their own application for the possibility of being affected by the aforementioned security vulnerability.

We are happy to assist you within the scope of our possibilities. Please open a ticket in our helpdesk (https://helpdesk.syseleven.de). Outside our service hours, please contact our on-call service by phone in case of emergency.

See also our HelpDesk Article.

Customer Impact:

Possible: Remote Code Execution (RCE) Format String Lookup Vulnerability

Update: 13.12.2021 11:00

We close this notification Issue. To handle the incident individuelly, please create a Ticket.