By now you may have heard about the discovery of several security vulnerabilities in Log4j, an open-source Apache logging framework that developers use to keep a record of activity within an application. Like thousands of other enterprise SaaS platforms, Act-On leverages this library to capture and persist information for certain activities within our platform.
Upon discovery of the first vulnerability in December, Act-On’s engineering team began responding. After reviewing our internal logs and systems, we have determined that no data was breached, obtained, or compromised as a result of these vulnerabilities.
Our developers immediately implemented a workaround to prevent vulnerable services from being exploited before they could be patched. Vulnerability remediation included the following actions:
- CVE-2021-44832: Patches were successfully deployed via updates to our platform on December 12, 2021.
- CVE-2021-45105, CVE-2021-45046 and CVE-2021-44228: All Act-On application services that use Apache Log4j have been updated to version 2.17.1 as of January 17th, 2022.
If you have any further questions, please contact Act-On customer support.