Cognition360’s security and engineering teams are conducting a thorough review of our IT environment and full product portfolio to identify and address any exposure to the recently disclosed Apache Log4j vulnerabilities.
As you may know, any internet-facing system running software that includes a vulnerable version of this open-source utility could potentially be subjected to remote code execution attacks and subsequent exploitation.
We will update this page periodically with additional disclosures and guidance as our investigation continues. The following information reflects our current understanding and may change as we learn more.
Corporate Infrastructure and Services:
We are actively assessing our infrastructure and reviewing software assets to identify potentially affected systems. We are also evaluating all of our vendors for any related vulnerabilities. In addition, our endpoint and network security tools have been configured to detect and prevent exploitation attempts. At this time, we have found no evidence of a compromise within our infrastructure.
Cognition360 Products:
Our product teams are reviewing all software that may incorporate the Log4j utility. If necessary, they will promptly develop fixes and product updates. Currently, Cognition360’s products do not directly rely on any platforms known to be susceptible to the Log4j vulnerability, and we have not identified any affected systems.
We remain committed to maintaining the security and integrity of our products and infrastructure and will continue to provide updates as our investigation progresses.