cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Log4J Remote Code Execution (RCE) and Denial of Service (DoS) Vulnerabilities Update

lorrin_minton
Community Manager
Community Manager
11 0 3,591

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint has fully mitigated the Log4J RCE vulnerability (CVE-2021-44228) in all impacted products.

We are aware of the recently-identified Log4J DoS vulnerability (CVE-2021-45046) that is also applicable to the impacted products. While this new DoS vulnerability has a low severity (CVSS score of 3.7 per NVD), we are actively working on addressing this vulnerability by upgrading to Log4J 2.16.0 and expect product releases that include the updated library to be available in the coming days.

We will be issuing further communications once this issue has been addressed. No action is needed at this time.