kensnyder
Head of Support
Head of Support

Log4j Zero Day Vulnerability

Log4j Zero Day Vulnerability Update – 12.14.2021 5:00 pm MST

Crownpeak is actively monitoring the Log4j2 Zero Day Vulnerability disclosed
on December 9, 2021 (CVE-2021-44228). Log4j2 affects the Apache Log4j 2
project and any systems which have deployed the library into an application.

Our operations team performed a comprehensive review of internal systems
and support applications to update or patch any affected systems. Updates
on the review results have been posted to this thread. We continue to
actively monitor the situation.

The majority of Crownpeak’s products were not affected by the Log4j2 Zero Day
Vulnerability, as they are not written in Java, or do not use the Log4j library.  The
small subset of Crownpeak’s product components which leverage the Log4j library
were affected have been identified and patched to eliminate the risk of exploit.
Specific product details are listed below.  Crownpeak will be continuing to monitor
our systems as well as third party components related to this situation closely and
report any additional updates.

 

DXM – Hybrid Headless CMS
 
  • No exposure in the Windows hosting environment
  • The core Java install on standard Linux hosting environments was not
    affected. The operations team has completed a full review of the
    customer systems and resolved any affected systems.
  • A content update queuing service was affected and has been patched
  • A third party java based monitoring agent deployed on a small number
    of systems in Linux environments was affected and has been patched
  • Continue to monitor hosting systems and third-party components as related to this situation
  • No evidence of exploitation has been observed
Products Unaffected by Log4j Vulnerability
 
  • Web Content Management (CMS)
  • Web Content Optimization (WCO) personalization
  • Dynamic API Content Delivery (SearchG2)
  • Cloud Website Hosting Services: Windows .Net

Have an idea

Have an idea to improve DXM?

Let us know !

Submit an idea

Can't find what you are looking for?

Find Answers

Search our DXM Forum to find answers to questions asked by other DXM users.

Ask a Question

No luck? Ask a question. Our Product and Support teams are monitoring the Forum and typically respond within 48 hours.

Ask a Question