Problem Summary
A vulnerability in Apache Log4j2 JNDI (Java Naming Directory Interface) allows attackers to execute arbitrary code.
How This Affects Workspot Products
Workspot has conducted a thorough review of the components used in our cloud service.
Our findings:
Workspot's cloud service, microservices, agents, and clients do not use Log4J.
Workspot's data lake uses products and tools from a service provider which also identified the Log4J vulnerability. The vulnerability has been remediated.
Currently, the services we use from our IaaS provider partners - Amazon Web Services, Google Cloud, and Microsoft Azure - are not impacted by this vulnerability.
We will continue to monitor the situation with our providers and issue updates as needed.
Related Documents
Apache Log4j Security Vulnerabilities (from logging.apache.org).
CVE-2021-44228 (from cve.mitre.org).