Please note: symplr will provide updates as needed to this blog to keep our customers apprised of the unfolding situation regarding Apache Log4j 2.
December 17, 2021
As part of our ongoing vigilance, symplr's Product and Engineering teams continue to monitor the situation and apply new patches as needed. If deemed necessary, this may result in short periods of downtime for customers during installation. Any additional remediation plans are being undertaken out of an abundance of caution. Customers can remain confident in the security of all symplr products.
December 14, 2021
A significant and wide-reaching vulnerability, CVE-2021-44228, was discovered in Apache Log4j 2 (a logging tool used in many Java-based applications), and it can be exploited to enable remote code execution on servers.
Upon learning of the vulnerability, symplr Product and Engineering teams took immediate action to evaluate the risk across our product portfolio and to ensure that our customers and their data remain protected.
Who is affected?
The following symplr solutions use Apache Log4j 2:
- Hayes Knowledge Center
- Contingent Talent Management
- symplr Compliance
- symplr Quality
No other symplr solutions use Apache Log4j 2, so they are not impacted by the known vulnerability, CVE-2021-44228.
What steps have been taken?
Remediation plans were issued and are complete. At this time, we are reporting that with our remediation plans in place, the Log4j 2 vulnerabilities are causing no known issues in any symplr solutions that use the affected tool. Customers using these products have been contacted directly.
In addition, symplr Product and Engineering teams continue to monitor the situation and apply new patches as needed.
symplr's commitment to data protection
A trusted healthcare operations partner to more than 90% of hospitals and health systems in the U.S., symplr prides itself on world-class data protection for our customers and has deployed processes and tools to address this vulnerability quickly and effectively.
At this time, customers using any of the solutions across symplr’s comprehensive healthcare operations product suite can rest assured that their data is safe from malicious actors. We are continuing to monitor the evolving situation and will keep you abreast of any changes. While ongoing assessments of the situation are occurring, the symplr Product and Engineering teams are working closely with our vendor software partners to ensure your symplr solutions are safe.
Check back here for updates or, if you have immediate questions or concerns, please contact your symplr customer service representative directly.