Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI
SailPoint has fully mitigated the Log4J RCE vulnerability (CVE-2021-44228) in all impacted products.
We are aware of the recently-identified Log4J DoS vulnerability (CVE-2021-45046) that is also applicable to the impacted products. While this new DoS vulnerability has a low severity (CVSS score of 3.7 per NVD), we are actively working on addressing this vulnerability by upgrading to Log4J 2.16.0 and expect product releases that include the updated library to be available in the coming days.
We will be issuing further communications once this issue has been addressed. No action is needed at this time.
