Maintaining the security and confidentiality of our customers’ information is a priority at ESM. That’s why we’re proud to inform our customers that we have successfully mitigated the remote code execution vulnerability related to Apache Log4j which was widely reported on December 9, 2021.
The vulnerability is commonly referred to as CVE-2021-442288 and more information can be found at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.
We are continuing to track and respond to the latest developments of this threat, whilst working with the industry at large as researchers gain a deeper understanding of attack vectors and any potential impact.
ESM wants to relay our current standing and emphasize our continued diligence to defend against this and other potential attacks.
The Log4j vulnerability is not applicable to ESM's core application or solutions. We have, however, been working with our technology partners to implement all recommended patches and updates that impact other systems in use by ESM. We have already deployed all Log4j updates recommended by third party partners and we will continue to monitor for any new updates.
In addition to monitoring the threat landscape for attacks and developing customer protections, our cloud operations team will continue to review and analyze our products and our service providers to take expedited steps to mitigate any vulnerabilities. And, ESM will continue to utilize industry best practices to keep your data as safe and secure.
If you have any questions about ESM’s security practices, please contact us at firstname.lastname@example.org.