December 16, 2021
Clients and Constituents,
Datum takes security matters seriously, striving to maintain a safe and secure environment for our products, customers, partners and employees. December 12 NIST published updated notice regarding remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j. Known versions impacted (versions 2 to 2.14.1), after which version 2.15 contains configuration default is turned off. Apache recommendation is to upgrade to 2.15 or greater.
We have completed our review, working with various vendors, evaluation of our internal and hosted systems have determined no exposure to these solutions and systems. Client’s of Datum, with existing support agreements, will receive specific instructions in the next couple days specific to your product and or environments. Datum is committed to ensure our clients software issues are resolved as quickly as possible.
Additionally, as a matter of remediation and precaution, we recommend that each of our clients review with each of their vendors to determine and resolve all possible vulnerabilities. Datum is sharing remediation only for our own set of products or environments.