Log4j Vulnerability

lorrin_minton
Community Manager
Community Manager
3 0 4,528

Stay up to date on all the community announcements and updates herehttps://community.sailpoint.com/t5/Community-Announcements/bg-p/community-announcements

 

IdentityNow/IdentityAI:

log4j Remote Code Execution Vulnerability


SailPoint SaaS Services Response to log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library used in several SailPoint SaaS solutions (IdentityNow and IdentityAI) was announced and is being tracked by CVE-2021-44228.

SailPoint is actively tracking this vulnerability and has implemented mitigating controls in our SaaS edge services. Teams are actively working to complete additional mitigations and remediations associated with on-premise services. Estimated completion for internal services is tomorrow, Dec 11th.

Cloud Access Manager:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the CAM environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.

SaaS Management:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the SaaS Management environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.

Access Risk Management:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the ARM environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.