Coveo Is NOT Vulnerable to CVE-2021-44228 - Apache Log4j RCE
Incident Report for Coveo Cloud
Resolved
Upon being made aware of the vulnerability, we used a tool for software composition analysis that allowed us to pinpoint the vulnerable library in Coveo applications. Although some Coveo components were using the vulnerable library, we confirmed that the Java Virtual Machine (JVM) version used mitigated the Log4j attack surface by disabling a vulnerable configuration. We were also able to confirm that no customer data has been affected in connection with this vulnerability.

In order to fully remediate the vulnerable component, our teams have taken the necessary steps to update the Log4j library.

If you need help or want to get in touch with us, please visit our Help Portal.
Posted Dec 14, 2021 - 11:21 EST
This incident affected: US (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator), Europe (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator), and Australia (Search - Search Service, Search - Hosted Search Pages, Platform - Platform Service, Platform - Authentication Service, Platform - Administration Console, Indexing Pipeline - Sources Service, Indexing Pipeline - Push API, Indexing Pipeline - Document Processing, Indexing Pipeline - Crawling Module, Analytics - Analytics Write API, Analytics - Analytics Read API, Coveo ML - Query Suggest Service, Coveo ML - Models Generator).