Update on Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046
Incident Report for Cyren Cloud
This incident has been resolved.
Posted Dec 23, 2021 - 15:07 UTC
Since the vulnerabilities in the Java logging library Log4j became known, Cyren has thoroughly checked both external and internal systems for vulnerabilities described in CVE-2021-44228 and CVE-2021-45046. Cyren client software (SDK and daemons) and externally facing systems do not use Log4j and are therefore not affected by the vulnerability. Some internal systems have been identified as vulnerable, and the vulnerability has been mitigated.

Furthermore, we are actively monitoring and detecting threat activities related to CVE-2021-44228 and CVE-2021-45046 to minimize the risk of an exploit to you and your customers. However, we expressly point out that this measure does not represent the comprehensive protection of your systems and that you need to update your Log4j version according to the library vendor recommendations as soon as possible.
Posted Dec 16, 2021 - 16:32 UTC