No components marked as affected
Resolved
The incident is resolved.
Monitoring
We are keep monitoring for any further issues.Next update : 25th Feb 2022
Monitoring
We are continuing to monitor for any further issues.
Monitoring
Patches has been applied and verified. We will continue monitoring this as per normal operations.
Identified
Since the vulnerability was made known, Cognite teams have been working on identifying and patching services affected by the vulnerability. Cognite expects to complete patching affected services to Log4j 2.17.1 within the next few days.
Cognite has released version 1.3.6 of the Documentum extractor and we recommend all users to upgrade as soon as possible, by going to fusion.cognite.com/extractors.
Note that this is not the original log4j issue, but a new, less severe vulnerability in the updated library.Cognite considers this a minor vulnerability as an attacker would need access to modify config files to be able to exploit it.
Identified
Since the vulnerability was made known, Cognite teams have been working on identifying services affected by the vulnerability. Cognite expects to patch affected services to Log4j 2.17.1 within the next few days.
Note that this is not the original log4j issue, but a new, less severe vulnerability in the updated library.Cognite considers this a minor vulnerability as an attacker would need access to modify config files to be able to exploit it.