An intranet built for the 2020s

Meet Simpplr, the modern employee intranet purpose-built to improve communications, drive culture, and spur employee engagement.

Here to help you succeed

We go beyond basic deployment and support. Learn how Simpplr’s Customer Success will partner with you every step of the way.

We reinvented the intranet

Research-backed, purpose-built, organized and designed for internal communications. Learn what sets us apart.

Take the next step

Ready to connect your workforce and transform your communications? Request a demo, pricing, or find out more about our security practices.

More than a pretty interface

Modern intranets and internal communications apps can positively help your organization in many ways. Learn how Simpplr can help solve tangible business challenges and show intranet ROI.

Technology that helps your career

As Simpplr reinvents the employee intranet, we’re helping communicators get their messages heard and giving IT professionals technology employees love without the administrative drama.

About Simpplr

Learn more about our mission, what’s in the news, and careers at Simpplr. Looking for something else? Get in touch with us.

Your intranet resource center

Access research reports, best practices, webinars, our blog, and everything else you need to set yourself up for success.

All posts

Simpplr Security Incident Response – Apache Log4j (CVE-2021-44228)

Written by

Piyush Rajput

Published

December 16, 2021

Category

Share

At Simpplr, we take the protection of our customers’ data very seriously. We are aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228), and this blog post summarizes CVE-2021-44228 and its impact on Simpplr customers.

On December 9, 2021, a popular Java-based logging library disclosed a serious exploit affecting Apache Log4j (CVE-2021-44228). This vulnerability allows an attacker to execute code on a remote server (Remote Code Execution or RCE).

How does this affect Simpplr? 

Immediately after becoming aware of the vulnerability disclosure, the Simpplr Security Incident Response Team investigated any potential impact on our application and customers. After activating our Information Security Incident Response Plan, we did not find any evidence of unauthorized access to customer data. While our own Simpplr application does not use the vulnerable Apache Log4j library, we are aware that some of our sub-processors are using the utility in some of the services used by the application, and we are working closely with them to mitigate this vulnerability.

What action has Simpplr taken?

After determining our Simpplr application was not impacted directly, our team reviewed responses from third-party providers to ensure there is neither risk to the application nor risk to data via the services provided by the sub-processors. The Simpplr Security Incident Response Team will continue to work with our third-party services, sub-processors, and hosting providers to ensure they mitigate and protect their systems against vulnerabilities. Additionally, if Simpplr becomes aware of unauthorized access to customer data, we will notify impacted customers immediately.

What do I need to do?

We are closely monitoring the situation and do not require action from you at this time. However, we will update you directly if anything changes.

The Simpplr Incident Response Team is monitoring the situation closely and will take immediate action if required. We will continue to update you if additional information is available.

Where can I find more information?

You can find more information about the vulnerability below:

Subscribe to #Connect blog

Fresh insights on improving your employee communication, engagement, and productivity