Most Recent Update
CVE-2022-3786 and CVE-2022-3602
Industry-wide security vulnerabilities released November 1st 2022
11/04/2022
Watermark has confirmed that these vulnerabilities impact no Watermark applications.
11/01/2022
Watermark is aware of the CVE-2022-3786 and CVE-2022-3602 vulnerabilities, and we are actively investigating and assessing if any of our applications are impacted. We will have further updates as information becomes available.
Past Updates
Click each row to expand for more details.
On December 9, 2021, a security vulnerability in Apache Log4j2 was publicly identified as being actively exploited in the wild. On December 14th, 2021, a new vulnerability was announced on Log4j2.15. On December 17th, 2021, a new vulnerability was announced on log4j2.x - 2.16.
Update as of December 19th 8:00am EST - Watermark has patched the system components affected by the Log4j2.x - 2.16 vulnerability with log4j2.17.
Update as of December 18th 11:00am EST - Watermark has deployed mitigating controls and we are actively patching system components affected by the Log4j2.x - 2.16 vulnerability with log4j2.17.
Update as of December 17th 11:00am EST - Watermark has patched the system components affected by the Log4j2.15 vulnerability with log4j2.16.
Update as of December 17th 8:00am EST - Watermark is actively patching the system components affected by the Log4j2.15 vulnerability with log4j2.16.
Update as of December 15th 12:00pm EST - Watermark has patched the system components affected by the Log4j2 vulnerability with Log4j2.15.
Issue: Discovery of security issue by the National Vulnerability Database (CVE-2021-44228) affecting Apache component Log4j2. On Tuesday December 14th, a new vulnerability was discover affecting Log4j2.15 (CVE-2021-45046).
Impact and Remediation: Watermark has deployed mitigating controls and we are actively monitoring for this vulnerability and any new threats.
Next Update: Updates will also be posted as additional information becomes available.