On December 10, 2021, the world was alerted to a security vulnerability related to the Apache Log4j library.
Impero Software products are on the cybersecurity front lines, defending organizations from digital threats all around the world. We work with half the Fortune 100 in the US and over 30,000 schools globally to keep people connected, productive and safe online. Understanding and mitigating emerging threats is a priority for us and we began assessing the risk of Log4j to our customers immediately.
Our initial assessment didn’t identify significant threats to Impero customers, but we did find Log4j libraries as part of third-party services used in our cloud-hosted products. These services, provided and maintained by upstream providers, are used by Impero in such a way that direct exploits would be incredibly difficult.
Working directly with our upstream service providers, we began implementing security updates on Tuesday, December 14 and completed our mitigation efforts on December 16, 2021. We’re happy to report there have been no reports of a successful exploit, and no negative outcomes related to Impero’s software and the Log4j vulnerability.
Impero will continue to monitor the threat landscape related to Log4j. Because the Log4j libraries are used extensively by software and service providers globally, there is a chance additional services used by Impero will need to be updated or patched. Impero is committed to addressing those situations as quickly as possible and will make every effort to deploy necessary changes as soon as they are identified and made available.
Impero customers with questions or concerns about the Log4j vulnerability are encouraged to contact their local Impero representative or Impero’s Data Protection Officer (DPO) at [email protected].