China’s Ministry of Industry and Information Technology has suspended an information-sharing partnership with Alibaba’s cloud division.
The government regulator claimed that Alibaba failed to promptly report and address a cybersecurity vulnerability.
Alibaba Cloud allegedly did not immediately report vulnerabilities in the open-source logging framework Apache Log4j2. It discovered the remote code execution vulnerability and notified the US-based Apache Software Foundation, but the MIIT found out through a third party report.
“This vulnerability may lead to remote control of equipment, which may lead to serious harms such as the theft of sensitive information and interruption of equipment services. It is a high-risk vulnerability,” the telecommunications regulator said in a statement.
It has suspended a partnership with Alibaba on cooperating over cybersecurity threats and information-sharing platforms. It will reassess the suspension in six months, if the company makes internal changes.