Apache Log4j vulnerability CVE-2021-44228

dentolo · December 13, 2021, 6:23pm

Hey there,

are there any news if ActiveCampaing is impacted by the Log4j vulnerability?
https://nvd.nist.gov/vuln/detail/CVE-2021-44228

If yes do you have any information on the impact and timeline? In addition to you have any information whether partners for third-party integrations are affected?

Best
Daniel

mreibach · December 14, 2021, 2:24pm

Hello Daniel,

The ActiveCampaign team has been monitoring the situation closely and has not seen an impact at this time. Unfortunately we do not have any information on how third-party integrations may have been affected. The best way to find that information would be to contact the third-party directly.

Thank you,
-Matt

dentolo · December 14, 2021, 2:51pm

Hi Matt,

thanks for the update.

One follow-up question for clarification:

Can you tell whether ActiveCampaign is affected but hasn’t seen any impact yet or whether ActiveCampaign is not affected at all by this?

If it’s affected it would be good to know if it’s already fixed or if there is a timeline to fix it.

Best Daniel

mreibach · December 16, 2021, 3:29pm

Hi Daniel,

I can confirm that there is nothing impacting operations at this time. Additionally, we have active mitigation of this threat at our Web Application Firewall (WAF) service, sitting on our edge, preventing any potential attempts leveled at ActiveCampaign.

Thank you,
-Matt

altaro · December 17, 2021, 10:56am

Good morning. Has AC issued a formal statement? If so,where was it released or posted?
Thanks
David