Is Scout vulnerable to the Log4j remote code execution exploit?
By Scout Information Security Management System Steering Committee - December 14, 2021
As many of you may know, a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-4428) was made public on December 9th, 2021 that results in remote code execution (RCE). It was announced thatApache Log4j library version 2.xfor Java was vulnerable to remote code execution (RCE) exploitCVE-2021-44228allowing access to servers using it.
To confirm, Scout engineering and security teams have confirmed that Scout does not use Java and does not use the version of the Log4j library that is vulnerable to this exploit.
In the meantime, we are continuously monitoring all our Scout testing and production environments for any indication of active threats and exploits per usual protocol.
If you have any concerns, please feel free to contact Scout Support.