Apache Log4j vulnerability CVE-2021-44228 | Community
Skip to main content

Apache Log4j vulnerability CVE-2021-44228

  • December 13, 2021
  • 10 replies
  • 0 views
F

Hello guys,

 

Have Zendesk been affected by the Log4j vulnerability?

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

If yes, what is the impact and can you share a link where we can check for status updates on this matter?

Also, do you have integrated technology partners that may be affected(or apps present in the Zendesk marketplace)?

 

Thanks,

Dragos

      10 replies

      E
      • Evan27
      • December 13, 2021

      Would be great to get some kind of response on this. I am surprised they did not mention anything proactively.

      M
      • Mark109
      • December 13, 2021

      I sent an inquiry to serviceincident@zendesk.com about this, maybe a few more tickets raised to the same address will nudge them into a reply...

        E
        • Evan27
        • December 13, 2021

        Great idea, will do!

        M
        • Mark109
        • December 13, 2021

        I got a response from Zendesk support stating the following:

        Zendesk does use Log4j in some parts of our infrastructure. We have identified the appropriate mitigations and updates, and are implementing these in our environment.

        Zendesk and the industry are continuing investigations into this Apache security event. At this point in time, we are not aware of any impact to your account. We will keep you informed should this assessment change.

          M
          • Mark109
          • December 13, 2021

          Check out ZD's new advisory regarding this: https://support.zendesk.com/hc/en-us/articles/4413583476122

            F
            • FintechOs
            • Author
            • December 14, 2021

            Cool, thanks @mark109 for the detailed updates!

            Happy EOY, good people! :) 

            Eric27
            • Eric27
            • December 14, 2021
            Hey Everyone,

            First off - thanks for dropping the link to our advisory Mark!

            Please let me know if you have any further questions around this vulnerability or our remediation steps.

            Thanks! 
            Michael22
            • Michael22
            • December 21, 2021

            @eric27

            Will Zendesk inform when all necessary fixes are deployed?

            This allows your customers (us) to report this internally as done.

            Eric27
            • Eric27
            • December 21, 2021

            Hey @michael22

            We've put out some comms here that discuss what we've done to remediate this so far and our steps to continue to monitor it.

              Mick11
              • Mick11
              • March 7, 2022

              Hello,

              I just wanted to add one additional piece of information to this conversation. Zendesk does not use Log4j in our mobile SDKs, so there is no impact on that side of the Zendesk platform. 

                Terms & ConditionsCookie settingsAccessibility statement