Ivanti Response to Log4J Vulnerability (CVE-2021-44228)
At Ivanti, we are committed to delivering innovative, high quality and secure solutions for our customers. Part of this is ensuring our customers are aware of the latest cyber threats, which must be met with agility and action.
A vulnerability was reported on the 10th of December 2021 in the open-source Java logging library (log4j), in Log4j-core versions between 2.0.0 and 2.14.1.
Teams across Ivanti mobilized against this threat upon learning of it. After a thorough review of our products, we found that this vulnerability impacts a limited number of customers. A list of our products, along with the status of whether they are impacted by the third-party issue and links to remediation steps for affected products, can be found in our Community Forum.
Last weekend, we proactively informed customers using our impacted products and highly recommended that they follow the tested mitigations outlined in our Community Forum. Since then, we have stayed in regular communication with our customers. Patching all systems for known vulnerabilities and ensuring the latest versions of Ivanti solutions are running is the best way for our customers to protect their environments from threats.
Unfortunately, security threats across the industry will persist. At Ivanti, we are committed to taking a collaborative approach to security and raising the bar for security as threat actors continue to grow in sophistication. As organizations and government agencies face ever more sophisticated attacks against their technologies, Ivanti is dedicated to protecting its customers and mitigating threats as quickly as possible.