Coveo Is NOT Vulnerable to CVE-2021-44228 - Apache Log4j RCE
Incident Report for Coveo Cloud
Resolved
Upon being made aware of the vulnerability, we used a tool for software composition analysis that allowed us to pinpoint the vulnerable library in Coveo applications. Although some Coveo components were using the vulnerable library, we confirmed that the Java Virtual Machine (JVM) version used mitigated the Log4j attack surface by disabling a vulnerable configuration. We were also able to confirm that no customer data has been affected in connection with this vulnerability.

In order to fully remediate the vulnerable component, our teams have taken the necessary steps to update the Log4j library.

If you need help or to get in touch with us, please visit our Help Portal
Posted Dec 14, 2021 - 11:21 EST
This incident affected: Ireland (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator), US East (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator), and Australia (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator).