Is Scout vulnerable to the Log4j remote code execution exploit?

By Scout Information Security Management System Steering Committee - December 14, 2021

As many of you may know, a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-4428) was made public on December 9th, 2021 that results in remote code execution (RCE). It was announced that Apache Log4j library version 2.x for Java was vulnerable to remote code execution (RCE) exploit CVE-2021-44228 allowing access to servers using it.

To confirm, Scout engineering and security teams have confirmed that Scout does not use Java and does not use the version of the Log4j library that is vulnerable to this exploit.

In the meantime, we are continuously monitoring all our Scout testing and production environments for any indication of active threats and exploits per usual protocol.

If you have any concerns, please feel free to contact Scout Support.

Scout Support

Comments

We promise that we won't SPAM you.