Log4J vulnerability (CVE-2021-44832) update - February 10, 2022

lorrin_minton
Community Manager
Community Manager
8 0 1,643

Impacted Products: IdentityIQ (IIQ), File Access Manager (FAM), and Identity Now Cloud Connector Gateway (IDN CCG) deployments where customers have modified out of the box log4j2 configuration to use a JDBC Appender with a data source referencing a JNDI URI.

SailPoint has upgraded all impacted products to Log4J 2.17.1 which addresses the most recent Remote Code Execution (RCE) vulnerability (CVE-2021-44832) and all previously identified Log4J vulnerabilities. For more information on individual product upgrades, refer to the Identity IQ blog post and the File Access Manager blog post.

 

Please subscribe to the product-specific blogs for future security and other important announcements related to the individual products.

Labels