PDI is aware of the Apache Log4j2 vulnerability CVE-2021-44228 and our product, operations, and security teams are currently assessing the potential impact on all products across PDI. We will continue our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j2 (a logging tool used in many Java-based applications).
On December 10, 2021, upon seeing community chatter about the Apache Log4j2 vulnerability, PDI immediately engaged various teams across the organization with a request to review and mitigate the risk.
As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help our customers detect, investigate, and mitigate attacks. We will also continue to update this blog with information and protection details as they become available. Please refer to PDI Connections for any technical bulletins regarding your specific solutions.
In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams are analyzing PDI solutions and services to understand where Apache Log4j2 may be used and are taking steps to mitigate any instances.
As of December 13, 2021, the PDI team has reviewed a significant portion of our solutions and determined that most are not impacted. For any applications using Log4j2, we have already applied mitigation or are actively doing so.
PDI will continue to evaluate our solutions and implement mitigating controls where applicable. In the event PDI identifies any solutions that cannot be mitigated in a timely manner, we will notify you accordingly.
At this time, the PDI Security teams are continuing to monitor the potential threat.
Apply security updates
To address this vulnerability, PDI recommends that you review all of your applications and apply the latest security updates for all software to remediate this vulnerability.
Additional resources
The following guidance and resources are designed to help you understand this vulnerability and detect exploits:
- Please refer to PDI Connections for any technical bulletins regarding your PDI solution(s).
- Review the Microsoft Security blog describing the nature of the current attacks: Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation.
- Review the RiskIQ threat intelligence article for information about the vulnerability and exploitation of it, as well as detections and mitigations: CVE-2021-44228 Apache Log4j Remote Code Execution Vulnerability.
- Bookmark this blog and refer back to it as necessary: PDI Security Response: Log4j2 Vulnerability blog.
We will update this blog post with additional guidance as we continue to learn more from our investigation.
PDI Security Team
Recommended For You
How to Manage the Security Threats Hitting Your Business
In today’s “smart,” connected world, cybercriminals and their tools are having a field day. This means that businesses of any ...
PDI Chats: A Cybersecurity Expert’s Advice on Guarding Against the Next Microsoft Exchange Vulnerability
The recent Microsoft Exchange attack is spurring an overdue conversation about lax cybersecurity practices for public-facing applications. We had a ...
PDI Celebrates National Logistics Day
We’re thrilled to celebrate National Logistics Day on June 28 – a day to celebrate the importance the logistics industry ...
Innovation, Data and Technology at PDI
Hear PDI’s CTO Chris Berry discuss the future of innovation at PDI with VP Engineering, Vlad Collak and the “Big ...