Update for Monday, December 13, 2021
LogicGate became aware of CVE-2021-44228 on the evening of December 9th, within a few hours of the vulnerability’s online publication.
Initial vulnerability patches for in-house tools were pushed into production shortly after discovery. Additionally, we identified two of our vendors that leverage Log4j and applied patches for those tools promptly after each vendor provided them. Finally, our cloud hosting provider, Amazon Web Services (AWS), confirmed that it had impacted resources, which AWS remediated on Saturday, December 11, 2021, per its official communications.
LogicGate will continue to track and implement subsequent patches for the vulnerability as they are released. We have preventative controls in our environments to detect and prevent exploitation attempts. No indicators of compromise have been identified.
Additionally, our team is actively monitoring our third parties for supply chain risk introduced by this vulnerability and its remediation.
Customers and users of the Risk Cloud do not need to take any action at this time. Thank you for being a LogicGate customer, and for partnering with us to improve the ever-evolving world of GRC.