As many of you may know, a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-4428) was made public on December 9th, 2021 that results in remote code execution (RCE). It was announced that Apache Log4j library version 2.x for Java was vulnerable to remote code execution (RCE) exploit CVE-2021-44228 allowing access to servers using it.
To confirm, Scout engineering and security teams have confirmed that Scout does not use Java and does not use the version of the Log4j library that is vulnerable to this exploit.
In the meantime, we are continuously monitoring all our Scout testing and production environments for any indication of active threats and exploits per usual protocol.
If you have any concerns, please feel free to contact Scout Support.
Scout Support
