On December 9, 2021, a remote code execution vulnerability related to Apache Log4j was publicly revealed on GitHub. This vulnerability exists specifically in Log4j version 2.0 to 2.14.1.
Tedial became aware of this vulnerability on the day it occurred. Our security and infrastructure teams responded immediately by launching a comprehensive investigation to determine what impact, if any, this exposure may have on Tedial systems and services.
We appreciate and share your concerns and provide the following details to reassure you that Tedial takes its responsibility to maintain the security of its systems and the data entrusted to it very seriously.
We have investigated our applications, systems and networks, as well as the third-party applications and services that we use, and have found no indication that this reported vulnerability has compromised our systems or data.
We are also pleased to announce that we are not using this version of the affected library in our solutions. We are doing a proactive scan, however, on our clients’ systems to verify that there are no other potential threats.
As more data about this vulnerability is released, including vendor and expert guidance, we will incorporate that information into our own ongoing analysis.
Proof of our commitment to the security of our customers is evidenced by the reliability and quality of the certifications found in the Tedial Security Roadmap:
Please be assured that we will continue to monitor this situation as it progresses.
The Tedial team