Bottom Line Up Front:

Peerceptiv has mitigated the potential for exploiting the Log4j vulnerability against Peerceptiv systems. There is no evidence currently available that attackers used the vulnerability against Peerceptiv systems prior to mitigation.

Log4j Vulnerability:

As widely reported, on December 10th, 2021, a vulnerability was disclosed in the commonly used Java library Log4j that would potentially enable malicious actors to execute arbitrary code on affected platforms. This exploit has been observed in use in the wild.

Peerceptiv Status:

Peerceptiv systems run on a Java back-end and do utilize Log4j. Peerceptiv has fully mitigated the vulnerability in accordance with recommendations from CISA. Peerceptiv completed initial mitigation on December 10th. Additionally, Peerceptiv completed updates to version 2.17 in order to correct for vulnerabilities identified in the initial v2.15.0 and v2.16.0 patches. Peerceptiv has no evidence showing the vulnerability was exploited against Peerceptiv systems prior to mitigation.

Further Information:

For further information about the vulnerability please check the official CISA incident response page: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance