Workday Response on CVE-2021-44228 Apache Log4j
Workday's security team continues to investigate and address the Apache Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228).
All environments containing Customer Data have been updated to mitigate the vulnerabilities identified in CVE-2021-44228 and CVE-2021-45046.
All environments we have identified containing Customer Data running versions of Log4j vulnerable to CVE-2021-44228 have been patched.
Workday's security team continues to investigate and address the Apache Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228). To date, we haven’t found any indication that Customer Data or environments containing Customer Data have been affected.
The vulnerability, disclosed on December 9, allows an attacker to execute code on a remote server if the system logs an attacker-modified string value on an exposed endpoint. The Log4j library is used widely in Java-based applications, including within the Workday service.
Upon learning of the vulnerability, we immediately initiated an investigation to determine its potential impact. We use Log4j in a number of Workday environments, and we've tested and deployed recommended mitigation techniques and remediation patches against this vulnerability in environments across the Workday service. Our efforts have included intrusion prevention via upgrades to our firewalls as well as upgrades of the Log4j library directly used by Workday and included in other software packages.
As part of our standard operating procedure, we’ll continue to monitor any environments that may be affected by Log4j and will deploy additional mitigation and remediation steps as needed.
This advisory will be updated as more information becomes available. For customers with additional inquiries, please create a support ticket or refer to our Information Security and Trust page on Workday Community.