PeopleFluent Notification: Security Communication - Apache Log4j vulnerability (CVE-2021-44228)
Security Announcement: December 13, 2021
Dear PeopleFluent Customers and Partners,
PeopleFluent's Security and Technology teams have evaluated the recently discovered CVE-2021-44228 security vulnerability introduced in the Log4j library (starting with version 2.0.beta-9) and addressed with configuration defaults in version 2.15.
Our team has reviewed potential version and standard configuration-related exposure across all our product lines and confirmed that no PeopleFluent hosted services (our SaaS offerings) are vulnerable.
Customers running PeopleFluent software on their own premises with recommended/default configuration values should not be vulnerable, however we recommend that your team consults the CVE bulletin to validate that your local configuration values were not changed in a manner that would expose this vulnerability.
PeopleFluent will continue to monitor any developments related to CVE-2021-44228 and provide further updates as necessary.
Please share this information with other system users as needed. If you have any questions or concerns regarding this matter, please contact our support team.
USA: +1 (800) 841-2365 or +1 (919) 645-2899
UK: +44 (207) 832-3444
Case Management System: https://support.
Customer Community: https://customers.