Jasper PIM’s Response to Log4jam Vulnerability
On Thursday, December 9, 2021, Jasper was made aware of a vulnerability in the Log4j logging framework, CVE-2021-44228. We immediately initiated our incident response process to determine our usage of this framework and its impact across our product, and our infrastructure.
Following the public vulnerability disclosure, we took immediate action on the evening of Friday, December 10 to assess our exposure to this vulnerability. The Log4j logging framework is not being used by our product neither by any software running on our servers. We have not detected any successful exploitation at this time. We continue to monitor the situation for any new developments. No action by users of Jasper PIM is required in order to continue safely using our product.
We are continuing to investigate our exposure to this vulnerability and will provide further updates if any new risk to our users or our product is identified.