Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack
PDI will publish technical information to help our customers detect, investigate, and mitigate attacks.

PDI is aware of the Apache Log4j2 vulnerability CVE-2021-44228 and our product, operations, and security teams are currently assessing the potential impact on all products across PDI. We will continue our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j2 (a logging tool used in many Java-based applications).

On December 10, 2021, upon seeing community chatter about the Apache Log4j2 vulnerability, PDI immediately engaged various teams across the organization with a request to review and mitigate the risk.

As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we will publish technical information to help our customers detect, investigate, and mitigate attacks. We will also continue to update this blog with information and protection details as they become available. Please refer to PDI Connections for any technical bulletins regarding your specific solutions.

In addition to monitoring the threat landscape for attacks and developing customer protections, our security teams are analyzing PDI solutions and services to understand where Apache Log4j2 may be used and are taking steps to mitigate any instances.

As of December 13, 2021, the PDI team has reviewed a significant portion of our solutions and determined that most are not impacted. For any applications using Log4j2, we have already applied mitigation or are actively doing so.

PDI will continue to evaluate our solutions and implement mitigating controls where applicable. In the event PDI identifies any solutions that cannot be mitigated in a timely manner, we will notify you accordingly.

At this time, the PDI Security teams are continuing to monitor the potential threat.

Apply security updates

To address this vulnerability, PDI recommends that you review all of your applications and apply the latest security updates for all software to remediate this vulnerability.

Additional resources

The following guidance and resources are designed to help you understand this vulnerability and detect exploits:

We will update this blog post with additional guidance as we continue to learn more from our investigation.

PDI Security Team