LOG4J vulnerability and Anaplan


Best Answer

  • michael.chefer


    I heard back from support and here is what they said regarding eh vulnerability. 


    "Our Engineering and Level 3 teams are actively investigating this issue. Please find the latest response below: 
    Please note that this situation is evolving and we continue to adapt as it unfolds.  Anaplan has a two-pronged approach to deal with this vulnerability.  First, we have updated instances of Log4j throughout the Production environment.  In addition, Anaplan uses host-based security monitoring and alerting on each server.  The solution vendor has already issued Log4j-specific monitoring and we have implemented it on all hosts.  We have not seen any indications of compromise, and we continue to closely monitor the environment. "