LOG4J vulnerability and Anaplan

michael.chefer
michael.chefer
in Security and tenant administration

 

Does anyone know if there is any impact to Anaplan due to LOG4J vulnerability?

 

https://abcnews.go.com/US/cyber-vulnerability-poses-severe-risk-dhs/story?id=81713422

https://www.wired.com/story/log4j-flaw-hacking-internet/

https://www.zdnet.com/article/log4j-rce-activity-began-on-december-1-as-botnets-start-using-vulnerability/

 

Tagged:

Best Answer

  • michael.chefer
    michael.chefer
    Answer ✓

     

    I heard back from support and here is what they said regarding eh vulnerability. 

     

    "Our Engineering and Level 3 teams are actively investigating this issue. Please find the latest response below: 
     
    Please note that this situation is evolving and we continue to adapt as it unfolds.  Anaplan has a two-pronged approach to deal with this vulnerability.  First, we have updated instances of Log4j throughout the Production environment.  In addition, Anaplan uses host-based security monitoring and alerting on each server.  The solution vendor has already issued Log4j-specific monitoring and we have implemented it on all hosts.  We have not seen any indications of compromise, and we continue to closely monitor the environment. "

Categories