12 Cybersecurity Vendors Susceptible To The Log4j Vulnerability
Vulnerable Log4j code can be found in products from prominent identity vendors like CyberArk, ForgeRock, Okta and Ping Identity, as well as SMB-focused security companies like Fortinet, SonicWall, and Sophos.
CyberArk’s Privileged Threat Analytics (PTA) and Remote Access (Alero) Connector are both susceptible to the Log4j vulnerability and require customers to take action to stay safe. The Newton, Mass.-based privileged access management vendor directs customers to pursue an available workaround for the PTA offering and implement an available fix for the Remote Access Connector.
The company was able to apply mitigations to SaaS-based versions of its Privilege Cloud and Remote Access (Alero) offerings as well as its Secure Web Sessions (SWS) version of the Identity offering, all of which were exposed to the Log4j vulnerability. Due to the publication of exploit code on various sites, CyberArk strongly recommends that customers apply the provided updates as soon as possible.