New critical vulnerability out in the wild and we have validated that the vulnerability does not exist in the Cymulate App as well as the Cymulate Agent.
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j utility was disclosed publicly via the project’s page on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
This announcement summarizes analysis as well as other actions performed and any potential impacts to the Cymulate solution.
Cymulate’s engineering and security teams have been working through the course of this zero day publication and continue to actively work on the analysis and any actions our users should perform, alongside identifying detection signatures that may be used to identify potential exploitation of the vulnerability.
We have validated that the vulnerability does not exist in the Cymulate App as well as the Cymulate Agent are not susceptible to the remote code execution associated with this vulnerability.