Apache Log4j vulnerability CVE-2021-44228
Hello guys,
Have Zendesk been affected by the Log4j vulnerability?
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
If yes, what is the impact and can you share a link where we can check for status updates on this matter?
Also, do you have integrated technology partners that may be affected(or apps present in the Zendesk marketplace)?
Thanks,
Dragos
-
Would be great to get some kind of response on this. I am surprised they did not mention anything proactively.
-
I sent an inquiry to serviceincident@zendesk.com about this, maybe a few more tickets raised to the same address will nudge them into a reply...
-
Great idea, will do!
-
I got a response from Zendesk support stating the following:
Zendesk does use Log4j in some parts of our infrastructure. We have identified the appropriate mitigations and updates, and are implementing these in our environment.
Zendesk and the industry are continuing investigations into this Apache security event. At this point in time, we are not aware of any impact to your account. We will keep you informed should this assessment change. -
Check out ZD's new advisory regarding this: https://support.zendesk.com/hc/en-us/articles/4413583476122
-
Cool, thanks Mark McLane for the detailed updates!
Happy EOY, good people! :)
-
Hey Everyone,
First off - thanks for dropping the link to our advisory Mark!
Please let me know if you have any further questions around this vulnerability or our remediation steps.
Thanks! -
Will Zendesk inform when all necessary fixes are deployed?
This allows your customers (us) to report this internally as done.
-
Hello,
I just wanted to add one additional piece of information to this conversation. Zendesk does not use Log4j in our mobile SDKs, so there is no impact on that side of the Zendesk platform.
Please sign in to leave a comment.
10 Comments