Issue:
Secure Code Warrior® is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). We have assessed our internal environment for services that may use the vulnerable java component Log4j2. At the time of this update, Secure Code Warrior confirms we are NOT impacted by the vulnerable java component Log4j2.
Impact:
At the time of this update, Secure Code Warrior is not impacted. We are actively monitoring this issue, and are working with our critical suppliers to understand impacts in the supply chain that might have an impact on the services we offer you.
For more information, please review CVE-2021-44228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and the Apache Log4j2 (https://logging.apache.org/log4j/2.x/index.html) post.
Update: 15/12/2021
Further to the previous update on the 13th December 2021, Secure Code Warrior is continuing to work with our third-party providers to understand any potential impacts to services we are providing you. At the time of this update, Secure Code Warrior is aware that some of our service providers have been impacted by the vulnerability and are patching affected systems and services. Secure Code Warrior’s platform is NOT impacted by these systems and services, and there is no indication of customer data compromise.
FINAL UPDATE
Date: 20/12/2021
Further to the update on the 15th December 2021, Secure Code Warrior has assessed its third-party providers to understand any potential impacts to services we are providing you. At the time of this update, Secure Code Warrior can confirm that its service providers have patched affected systems/services and continue to monitor their ecosystems for changes. Secure Code Warrior is not aware of any impact to our platform or any unauthorised access to customer data.
Comments
0 comments
Please sign in to leave a comment.