A zero-day exploit for the Apache Log4j utility (CVE-2021-44228) that can result in remote code execution was made public on December 9, 2021.

The Polonious team immediately started an assessment of our code base and can confirm that the Polonious system is not affected by this vulnerability.

TL;DR

We have scanned our source code and found no references to the class org/apache/logging/log4j/core/lookup/JndiLookup.class, which introduced the vulnerability.

We also confirmed that we are not including the library log4j-core (which contains the above class) in our source code.

Some newer components of Polonious use the log4j-api library with an underlying implementation of Logback, which is not affected by this vulnerability.

Additionally, all KNOX-grade Polonious clients have the Cloudflare Web Application Firewall to stop any attempts to exploit this vulnerability. See this blog for further details.

Our SIEM solution Cyflare also supports detection of any exploits for additional peace of mind.

Security is of utmost importance at Polonious and we do everything to keep your data safe.

If you have any further questions, don’t hesitate to reach out to our support team.

 
