Apache Log4j2 vulnerability
Incident Report for EU1 - Anypoint Platform
Resolved
Please see our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) for latest updates
Posted Jan 14, 2022 - 15:34 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104, CVE-2021-45046, and CVE-2021-45105.

We have revised our CloudHub monthly patching schedule. Please see our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) for latest updates.
Posted Jan 11, 2022 - 17:14 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046 and CVE-2021-45105.

Please see our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) for latest updates
Posted Jan 07, 2022 - 13:04 PST
Update
MuleSoft (Cloud) is reported to be affected by CVE-2021-44228 and CVE-2021-45046. MuleSoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046, and we are executing our final validation steps. Please see our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) for more information.
Posted Dec 23, 2021 - 18:08 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046 and CVE-2021-45105. We are aware of the recent updates made by Apache concerning CVE-2021-45046 and are investigating. Updates have been posted to our Knowledge Article (​​https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 ). Please continue to monitor this status page for updates.
Posted Dec 20, 2021 - 23:27 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. We are aware of the recent updates made by Apache concerning CVE-2021-45046 and are investigating. Updates have been posted to our Knowledge Article (​​https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 ). Please continue to monitor this status page for updates.
Posted Dec 17, 2021 - 22:55 PST
Update
We are aware of and monitoring CVE-2021-45046 as part of our ongoing investigation into the Apache Log4j2 vulnerability. Please continue to review the Knowledge Article for updates.
Posted Dec 14, 2021 - 21:28 PST
Update
Please refer to the following Knowledge Article [Login Required] (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) which will be updated as additional information becomes available.

Updated to the correct link.
Posted Dec 11, 2021 - 20:39 PST
Update
Please refer to the following Knowledge Article [Login Required] (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) which will be updated as additional information becomes available.
Posted Dec 11, 2021 - 20:07 PST
Update
Please refer to the following Knowledge Article [Login Required] (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) which will be updated as additional information becomes available.
Posted Dec 11, 2021 - 20:06 PST
Identified
Issue: At MuleSoft, Trust is our #1 value, and we take the protection of our customers’ data very seriously. We are aware of the recently disclosed Apache Log4j2 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) vulnerability.


Impact: We are actively monitoring this issue, and are working to patch any Salesforce services that either use the vulnerable component Log4j2 or provide it to customers.


For more information, please review CVE-2021-44228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and the Apache Log4j2 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) post. We appreciate your trust in us as we continue to make your success our top priority.

Next Update: Updates will be posted to the incident thread as additional information becomes available https://eu1-status.mulesoft.com/
Posted Dec 11, 2021 - 14:51 PST
This incident affected: Log4j2 vulnerability.