Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104, CVE-2021-45046, and CVE-2021-45105.
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046 and CVE-2021-45105.
MuleSoft (Cloud) is reported to be affected by CVE-2021-44228 and CVE-2021-45046. MuleSoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046, and we are executing our final validation steps. Please see our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) for more information.
Posted Dec 23, 2021 - 18:08 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046 and CVE-2021-45105. We are aware of the recent updates made by Apache concerning CVE-2021-45046 and are investigating. Updates have been posted to our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 ). Please continue to monitor this status page for updates.
Posted Dec 20, 2021 - 23:27 PST
Update
Following our vulnerability management process, MuleSoft is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. We are aware of the recent updates made by Apache concerning CVE-2021-45046 and are investigating. Updates have been posted to our Knowledge Article (https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021 ). Please continue to monitor this status page for updates.
Posted Dec 17, 2021 - 22:55 PST
Update
We are aware of and monitoring CVE-2021-45046 as part of our ongoing investigation into the Apache Log4j2 vulnerability. Please continue to review the Knowledge Article for updates.
Impact: We are actively monitoring this issue, and are working to patch any Salesforce services that either use the vulnerable component Log4j2 or provide it to customers.