Apache Log4j vulnerability
Updated: December 30th 2021
LivePerson, like the majority of the technology industry, has actively engaged in the remediation of CVE-2021-44228, referred to as the Apache Log4j vulnerability, and has remediated all services affected by this issue based on our current investigation. CVE-2021-44228 was resolved within 7 days of identification. Subsequently, we have been tracking and mitigating the residual impact of CVE-2021-45105, identified on December 17th. This too has been resolved within 7 days of identification.
Our Engineering and Security teams continue to monitor the progression of the Log4j situation. This includes monitoring for activity both externally and internally, as well as monitoring the evolving secondary vulnerabilities in Apache Log4j. No exploitation has been discovered. The LivePerson Leadership team is actively engaged in overseeing these activities.
We know that the Apache Log4j vulnerability is significant and are committed to working closely with our customers and partners to determine and address potential impacts as quickly as possible. Our customers' security and success are our top priority. We will provide an update if and when we have new information.