Question

log4j affecting any of the products?

  • 16 December 2021
  • 4 replies
  • 530 views

or is there an offical announcement of log4j aka log4shcell - cve-2021-44228?


4 replies

I second this one.  Can you please respond to us to see if you are affected?

Yes

Has your product line been impacted by the Log4j Vulnerability?

Have you experienced any security incidents as a result of Log4J Vulnerability?

Have any of your third party vendors been impacted?

 

 

Userlevel 3
Badge +5

yes, there was vulnarability with log4j and not just freshworks, many other products were affected.

we had to release an update to over come the issue. but i am not sure this affected freshworks in any way.

 

Userlevel 5
Badge +8

Hello Everyone,

 

We understand your concern related to the log4j vulnerability. As per our security team’s update, we have implemented specific rules in the Freshworks WAF (web application firewall) configuration to protect our perimeter and to block and throttle payloads that are related to this CVE. Please be informed that this is considered a priority activity and our engineering teams are currently performing analysis to verify services if any impacted and will be working to apply the necessary fix/patch. 


We have also published a public-facing Security Advisory Page for Log4j Vulnerability. This page currently has updates on action taken so far and timelines and will be updated with the progress from time to time as needed - https://www.freshworks.com/security/alerts/cve-2021-44228/

 

Thank you,

Reply