Log4j Information Hub

On December 9, LogicGate's InfoSec and Engineering teams became aware of the widespread vulnerabilities related to the third-party library Log4j. Like many other organizations, LogicGate uses some underlying tools that include this library. LogicGate has promptly pushed vulnerability patches into production as they have been made available and has not identified any indicators of compromise.

LogicGate response to published Log4j vulnerabilities

Although the situation is evolving, LogicGate commits to:

  • Continued prompt introduction of patches within our control as they are released
  • Continued monitoring of security controls to prevent and detect exploitation attempts
  • Continued assessment and monitoring of our relevant third parties for supply chain risk introduced by this vulnerability

Please visit the LogicGate blog for recommended questions and additional resources.

Updates:

Update for Monday, December 20, 2021
LogicGate is aware of CVE-2021-45105 and has activated emergency patching processes. Patch 2.17.0 was implemented on 12/18/2021.

Update for Friday, December 17, 2021
LogicGate is continuing to promptly patch third-party vendor tools as patches become available.

Update for Tuesday, December 14, 2021
LogicGate is aware of CVE-2021-45046 and has activated emergency patching processes. Patch 2.16.0 was implemented on 12/14/2021.

Update for Monday, December 13, 2021
LogicGate became aware of CVE-2021-44228 on the evening of December 9th, within a few hours of the vulnerability’s online publication.

Initial vulnerability patches for in-house tools were pushed into production shortly after discovery. Additionally, we identified two of our vendors that leverage Log4j and introduced patches for those tools promptly after the vendors provided them. Finally, our cloud hosting provider, Amazon Web Services (AWS), confirmed that it had resources that were impacted; AWS remediated these on Saturday, December 11, 2021, per its official communications.

LogicGate will continue to track and implement subsequent patches to the vulnerability as they are released. We have preventative controls in our environments to detect and prevent exploitation attempts, and will continue introducing patches as they become available. No indicators of compromise have been identified.

Additionally, our team is actively monitoring our third parties for supply chain risk introduced by this vulnerability and its remediation.

Customers and users of the Risk Cloud do not need to take any action at this time. Thank you for being a LogicGate customer, and for partnering with us to improve the ever-evolving world of GRC.
