A zero-day exploit for the Apache Log4j utility (CVE-2021-44228), which can result in remote code execution, was made public on December 9, 2021.

The Polonious team immediately started an assessment of our code base and can confirm that the Polonious system is not affected by this vulnerability.

TL;DR

We have scanned our source code and found no references to the class org/apache/logging/log4j/core/lookup/JndiLookup.class, which introduced the vulnerability.

We also confirmed that we are not including the library log4j-core (which contains the above class) in our source code.

Some newer components of Polonious use the log4j-api library with an underlying implementation of Logback, which is not affected by this vulnerability.

Additionally, all KNOX-grade Polonious clients have Cloudflare Web Application Firewall to stop any attempts to exploit this vulnerability. See this blog for further details.

Our SIEM solution, Cyflare, also supports detection of any exploits for additional peace of mind.

Security is of utmost importance at Polonious and we do everything to keep your data safe.

If you have any further questions, don’t hesitate to reach out to our support team.