Upon learning of the log4j zero-day exploit last week, the Cirrus Insight team took immediate action with a full review of our product and third-party systems.
This post summarizes the results of our investigation to date and the next steps should you have additional questions or require additional information.
Out of an abundance of caution, any systems that could have been affected were taken down within 24 hours of the exploit's publication. Over the last few days, further forensic analysis was performed. Findings revealed that none of our product-based code or systems make direct use of log4J, and none of our third-party applications or systems (primarily build tools) make use of the affected log4j versions.
The Cirrus Insight product-based code does not make direct use of Log4J therefore Cirrus Insight has not been impacted as a result of the vulnerability.
The Cirrus Insight team is ready to assist you should you have additional questions via our live chat