QUÉBEC CITY, December 13, 2021 – Korem and its partners are actively investigating the impacts of the Log4j library vulnerability (CVE-2021-44228) disclosed on December 9, 2021.
We will update this page with information and protection details as they become available.
Last update: 12/13/2021.
In addition to monitoring the threat landscape for attacks, our security team has been analyzing where Apache Log4j may be used and is taking expedited steps to mitigate any instances. This includes: Korem hosted solutions, Korem developed custom applications, Korem partner’s and Korem suppliers.
At this stage, it appears that our current security practices (ISO 27001 Certification) and the way our solutions are deployed greatly limit the risk associated with the vulnerability.
If we identify any customer impact, we will notify the affected party.
As stated previously, we are currently in communication with our partners to get their vulnerability assessment for their software versions and SaaS services.
With regards to the impact of recently released CVE-2021-44228 aka “Log4Shell” (the “Affected Software”) within our current product offerings, please be aware that we are currently conducting our internal assessment across our entire product and service portfolio to determine which may be affected and the associated remediation guidelines if required. We will be releasing product specific information and recommended response steps following our assessment protocol. We are also assessing our infrastructure and key suppliers and partners to determine if they have been impacted by the Affected Software.
For more information: https://support.precisely.com/
Like many global organizations that run the software, HERE Technologies recently became aware of the “Log4Shell” vulnerability, affecting many Java-based applications.
HERE took immediate steps to evaluate the impact of Log4Shell; we are actively fortifying our defense layers and maximizing mitigation efforts.
As of 12 December 2021, none of our tools/services have been interrupted by the Log4Shell vulnerability. However, we continue to reinforce our systems to ensure the safety and security of HERE Technologies, our data, customers, and employees.
For more information: https://developer.here.com/blog/here-security-update-on-apache-log4j2-issue
Google Cloud is actively following the security vulnerability in the open-source Apache “Log4j 2″ utility (CVE-2021-44228). We are currently assessing the potential impact of the vulnerability for Google Cloud products and services. This is an ongoing event, and we will continue to provide updates through our customer communication channels. This advisory page will be updated to include relevant information on our assessment.
For more information: https://cloud.google.com/log4j2-security-advisory
Log4j Vulnerability Log4Shell: We can confirm that our Designer, Designer Cloud, Server, Connect and Alteryx Machine Learning products do not use log4j. We are currently assessing our other products and ask you to proceed with an abundance of caution until web can confirm status. Please check back for updates.
For more information: https://community.alteryx.com/?category.id=external
Please reach out to your Korem representative with any additional questions and concerns.
The Korem Security Team
Since 1993, Korem has been creating long‑term value for its clients, employees and partners through innovation and geospatial expertise. Major North American companies like AT&T, Shell, Bell and Desjardins rely on Korem every day to make informed decisions and enhance their efficiency. Through its unique one-stop-shop experience, Korem is driving the adoption of geospatial technology and reducing risk. Its talented and multidisciplinary team of 80 experts shares unique business perspectives and neutral recommendations that help map out a promising future for its clients. As a value‑added reseller, Korem offers the most comprehensive and diversified portfolio of geospatial solutions, including Precisely, HERE, Foursquare, Google, Alteryx, CARTO, CoreLogic, Tableau, Environics Analytics, Safe Software, Digital Map Products, BuildingFootprintUSA and ReportAll. Learn more at korem.com