On December 9, 2021, a popular Java-based logging library disclosed a serious exploit affecting Apache Log4j (CVE-2021-44228). This vulnerability allows an attacker to execute code on a remote server (Remote Code Execution or RCE).
How does this affect Simpplr?
Immediately after becoming aware of the vulnerability disclosure, the Simpplr Security Incident Response Team investigated any potential impact on our application and customers. After activating our Information Security Incident Response Plan, we did not find any evidence of unauthorized access to customer data. While our own Simpplr application does not use the vulnerable Apache Log4j library, we are aware that some of our sub-processors are using the utility in some of the services used by the application, and we are working closely with them to mitigate this vulnerability.
What action has Simpplr taken?
After determining our Simpplr application was not impacted directly, our team reviewed responses from third-party providers to ensure there is neither risk to the application nor risk to data via the services provided by the sub-processors. The Simpplr Security Incident Response Team will continue to work with our third-party services, sub-processors, and hosting providers to ensure they mitigate and protect their systems against vulnerabilities. Additionally, if Simpplr becomes aware of unauthorized access to customer data, we will notify impacted customers immediately.
What do I need to do?
We are closely monitoring the situation and do not require action from you at this time. However, we will update you directly if anything changes.
The Simpplr Incident Response Team is monitoring the situation closely and will take immediate action if required. We will continue to update you if additional information is available.
Where can I find more information?
You can find more information about the vulnerability below:
