Cognition360 Response To Log4j Vulnerability

IT Apps
IT Apps
  • Updated

Cognition360’s security and engineering teams are conducting a thorough review of our IT environment and full product portfolio to identify and address any exposure to the recently disclosed Apache Log4j vulnerabilities.

As you may know, any internet-facing system running software that includes a vulnerable version of this open-source utility could potentially be subjected to remote code execution attacks and subsequent exploitation.

We will update this page periodically with additional disclosures and guidance as our investigation continues. The following information reflects our current understanding and may change as we learn more.

Corporate Infrastructure and Services:
We are actively assessing our infrastructure and reviewing software assets to identify potentially affected systems. We are also evaluating all of our vendors for any related vulnerabilities. In addition, our endpoint and network security tools have been configured to detect and prevent exploitation attempts. At this time, we have found no evidence of a compromise within our infrastructure.

Cognition360 Products:
Our product teams are reviewing all software that may incorporate the Log4j utility. If necessary, they will promptly develop fixes and product updates. Currently, Cognition360’s products do not directly rely on any platforms known to be susceptible to the Log4j vulnerability, and we have not identified any affected systems.

We remain committed to maintaining the security and integrity of our products and infrastructure and will continue to provide updates as our investigation progresses.

 

PRODUCT
ASSESSMENT
Data Warehouse Not Impacted
Data Transfer Module Not Impacted
Data Transformation Engine Not Impacted
Data Storage Unit Not Impacted
C360 Live Not Impacted
Data Query Applications Not Impacted
Report Delivery Not Impacted

 

If you have additional questions about the security of your Cognition360 services, please submit a ticket to Cognition360 Support.

For additional expert insights into the threats posed by the Log4j vulnerability -- including information about how some security products can mitigate exposure to these threats -- please visit Apache Log4j Security Vulnerabilities.