Resolved -
The incident is resolved.
May 10, 16:05 CEST
Update -
We are continuing to monitor for any further issues.
Next update: 25th Feb 2022
Feb 18, 10:02 CET
Update -
We are continuing to monitor for any further issues.
Feb 14, 10:19 CET
Monitoring -
Patches have been applied and verified. We will continue monitoring this as per normal operations.
Jan 26, 08:33 CET
Update -
Since the vulnerability was made known, Cognite teams have been working on identifying and patching services affected by the vulnerability. Cognite expects to complete patching affected services to Log4j 2.17.1 within the next few days.
Cognite has released version 1.3.6 of the Documentum extractor, and we recommend that all users upgrade as soon as possible by going to fusion.cognite.com/extractors.
Note that this is not the original Log4j issue, but a new, less severe vulnerability in the updated library.
Cognite considers this a minor vulnerability as an attacker would need access to modify config files to be able to exploit it.
Jan 10, 16:59 CET
Identified -
Since the vulnerability was made known, Cognite teams have been working on identifying services affected by the vulnerability. Cognite expects to patch affected services to Log4j 2.17.1 within the next few days.
Note that this is not the original Log4j issue, but a new, less severe vulnerability in the updated library.
Cognite considers this a minor vulnerability as an attacker would need access to modify config files to be able to exploit it.
Jan 3, 17:05 CET