Apache Log4j2 Security Vulnerability – On December 9, 2021, a security vulnerability in Apache Log4j2 was publicly identified as being actively exploited in the wild. On December 14th, 2021, a new vulnerability was announced on Log4j2.15. On December 17th, 2021, a new vulnerability was announced on log4j2.x – 2.16.

 

Update as of December 19th 8:00am EST – Watermark has patched the system components affected by the Log4j2.x – 2.16 vulnerability with log4j2.17.

Update as of December 18th 11:00am EST – Watermark has deployed mitigating controls and we are actively patching system components affected by the Log4j2.x – 2.16 vulnerability with log4j2.17.

Update as of December 17th 11:00am EST – Watermark has patched the system components affected by the Log4j2.15 vulnerability with log4j2.16.

Update as of December 17th 8:00am EST – Watermark is actively patching the system components affected by the Log4j2.15 vulnerability with log4j2.16.

Update as of December 15th 12:00pm EST – Watermark has patched the system components affected by the Log4j2 vulnerability with Log4j2.15.

Issue: Discovery of security issue by the National Vulnerability Database (CVE-2021-44228) affecting Apache component Log4j2. On Tuesday December 14th, a new vulnerability was discover affecting Log4j2.15 (CVE-2021-45046).

Impact and Remediation: Watermark has deployed mitigating controls and we are actively monitoring for this vulnerability and any new threats.

Next Update: Updates will also be posted as additional information becomes available.