Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI
SailPoint is aware of the recently-identified log4j DoS vulnerability (CVE-2021-45046) that is related to the log4j critical RCE vulnerability (CVE-2021-44228). We are actively investigating the impact of that vulnerability, however preliminary analysis using information provided by the Apache Logging Services project and the CVE project seems to indicate that it is not a critical vulnerability (CVSS score of 3.7).
We will be issuing further communications on our remediation plans once they become available. No action is needed at this time.
