Vulnerability CVE-2021-44228 (Apache Log4j Java)

Botdoc's Statement

Botdoc does not use Apache Log4j Java and we were alerted on Saturday that a vulnerability, namely CVE-2021-44228 has been detected (which is Apache Log4j Java) however we do not use Apache Log4j Java.

 

We do have one vendor that uses this package -  Jira/Atlassian and they are still investigating any possible impact, but it's a vendor that does not touch any sensitive data from Botdoc customers.

 

We have multiple types of monitoring’s of our system in place to alert of any compromise and we have no compromise at this time.

Note: 12/13/2021

From Atlassian: This vulnerability has been mitigated for all Atlassian cloud products previously using vulnerable versions of Log4j. To date, our analysis has not identified compromise of Atlassian systems or customer data prior to the patching of these systems. Atlassian customers are not vulnerable, and no action is required.