The vulnerability in Apache Log4j, which was discovered at the end of last year, will continue to pose a major security risk to businesses. As an ISO/IEC 27001 certified partner, we want to keep you informed about the current status of the vulnerability and its possible impact on Salesforce services and on your business.
What is the Log4j vulnerability?
Log4j is an open-source library that IT developers use to keep digital logs. For example, the software records whether errors occur in an application. A lot of applications and cloud services, including Salesforce, use this Java library. The vulnerability allows an attacker to execute code on a server or computer.
How is this threat being addressed by Salesforce?
You can rest assured that Salesforce and BRIGHTFOX are doing everything possible to protect customers from these security risks. Salesforce services have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.
Salesforce will continue to monitor and implement additional remediative actions as needed to ensure Salesforce systems are patched and protected against the security issues identified in CVE-2021-44228 and CVE-2021-45046, as well as monitor for changes referenced in CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105, and CVE-2021-44832.
You can check the current status of the issue and consult a complete overview with details for each individual service on the Salesforce website.