Cognition360 security and engineering teams are engaged in a comprehensive review of our information technology environment and our full product portfolio to identify and remediate exposure to the recently disclosed vulnerabilities in the Apache Log4j utility.
Any internet-facing system running software that includes a vulnerable version of this open-source utility may potentially be subjected to remote code execution attacks and follow-on exploitation.
Cognition360 will periodically update this site with additional disclosures and guidance as our investigation progresses. The following information is based upon discoveries to date and is subject to change as circumstances evolve.
Corporate Infrastructure and Services: Cognition360’s infrastructure is conducting assessments and software asset reviews to identify any potentially affected systems. All vendors of Cognition360 are being reviewed for any potential vulnerabilities. In addition, our endpoint and network security solutions have been tuned to detect and prevent exploitation attempts. At this time, we have not discovered any compromise of our infrastructure.
Cognition360 Products: Engineers from our product teams are assessing all software that incorporates any version of the Log4j utility and, where necessary, developing fixes and product updates to address the vulnerability on an expedited basis. Cognition360’s products do not directly rely on any of the listed platforms susceptible to the Log4j vulnerability. To date, we have not identified any systems that may be impacted by the Log4j vulnerability.
PRODUCT
|
ASSESSMENT |
Data Warehouse | Not Impacted |
Data Transfer Module | Not Impacted |
Data Transformation Engine | Not Impacted |
Data Storage Unit | Not Impacted |
C360 Live | Not Impacted |
Data Query Applications | Not Impacted |
Report Delivery | Not Impacted |
If you have additional questions about the security of your Cognition360 services, please contact our Support Desk.
For additional expert insights into the threats posed by the Log4j vulnerability -- including information about how some security products can mitigate exposure to these threats -- please visit Apache Log4j Security Vulnerabilities.