Wolters Kluwer is actively engaged in responding to the reported critical zero-day vulnerability in the Apache Log4j java library (CVE-2021-44228)
Apache Log4j is widely used by many companies for logging purposes and is often included with third-party software packages. Once the vulnerability was disclosed, we began communicating with our customers with status information on applicable patches and updates, and relayed status updates via our global support teams, however, we also wanted to share this information on our website, due to the criticality of this vulnerability, and our commitment to the security of our products and solutions.
Wolters Kluwer is continuing to investigate and take action for any of our products and solutions that may be potentially impacted by the Log4j vulnerability. As necessary, we are updating Log4j software identified as vulnerable in CVE-2021-44228 or applying mitigations in the interim, including in cases where additional control layers such as network controls and web application firewalls may be in place. Additionally, we are aware of new vulnerabilities that impact Log4j, CVE-2021-45046 and CVE-2021-45105, as well as evolving guidance on effectiveness of countermeasures. We are actively investigating the applicability of these issues and mitigations. Our information security team continues to closely monitor all developments relating to this incident. We will continue to remain vigilant and share updates with our customers as developments arise.