Apricot

On December 10, 2021, the National Institute of Standard and Technologies and the National Vulnerability Database identified a Log4j vulnerability.   Our internal security teams were notified of this vulnerability the day the exploits were publicly announced and have executed our incident response plan. We have performed a full evaluation of our application services as well as third party integrations to determine the scope of impact, and have determined that our Apricot, Penelope, and ETO applications are not vulnerable to the log4shell exploits. After reviewing logs and our internal SIEM data, we have also determined that there is no evidence of compromise in our systems.  As this is a constantly evolving and high-profile vulnerability, our internal teams are continuing to assess our infrastructure, review new exploits/methods, apply relevant patches and configuration changes, and monitor our systems for any indicators of compromise.   For more information regarding this vulnerability, please visit the National Vulnerability Database's list of Common Vulnerabilities and Exposures (CVE-2021-44228)  Currently, there are no actions required by SSG customers. However, again, due to the dynamic and fluid nature of the situation, we are continuing to monitor for any relevant developments and will update accordingly.

National Vulnerability Database CVE-2021-44228

Addressing Log4j Vulnerability CVE-2021-44228 | Apricot

Social Solutions is Bonterra!

Find answers and get help from Intercom Support and Community Experts