Wolters Kluwer is actively engaged in responding to the reported critical zero-day vulnerability in the Apache Log4j Java library (CVE-2021-44228)

Apache Log4j is widely used by many companies for logging purposes and is often included with third-party software packages. Once the vulnerability was disclosed, we began communicating with our customers with status information on applicable patches and updates, and relayed status updates via our global support teams. However, due to the criticality of this vulnerability and our commitment to the security of our products and solutions, we also wanted to share this information on our website.

Wolters Kluwer is continuing to investigate and take action for any of our products and solutions that may be potentially impacted by the Log4j vulnerability. As necessary, we are updating Log4j software identified as vulnerable in CVE-2021-44228 or applying mitigations in the interim, including in cases where additional control layers such as network controls and web application firewalls may be in place. Additionally, we are aware of new vulnerabilities that impact Log4j, CVE-2021-45046 and CVE-2021-45105, as well as evolving guidance on the effectiveness of countermeasures. We are actively investigating the applicability of these issues and mitigations. Our information security team continues to closely monitor all developments relating to this incident. We will continue to remain vigilant and share updates with our customers as developments arise.

FAQ

  • What steps has Wolters Kluwer taken in response to the Log4j vulnerability?
    Upon learning of the Log4j vulnerability, Wolters Kluwer immediately initiated investigations in accordance with its incident response protocols. We have reviewed our products, software, infrastructure and tooling, and countermeasures have been implemented for protection. As necessary, we are updating Log4j software identified as vulnerable in CVE-2021-44228, or applying mitigations in the interim, including in cases where additional control layers such as network controls and web application firewalls may be in place. Updates on the status of specific applications are being shared with customers directly.
  • Are Wolters Kluwer products affected by the Log4j vulnerability? Which products and solutions are affected?
    For Wolters Kluwer products that do use Log4j versions identified as vulnerable in CVE-2021-44228, the majority have been successfully mitigated or remediated. For the current status of a specific Wolters Kluwer product or solution, please continue to engage with your normal support channels, who can provide you with the latest information. 
  • Is there any evidence of exploitation of the vulnerability at Wolters Kluwer?
    At this time, there have been no successful exploits observed in Wolters Kluwer products, solutions or in the Wolters Kluwer environment.
  • Have Wolters Kluwer’s vendors been impacted by the Log4j vulnerability?
    Wolters Kluwer is engaged with our supply chain and third-party partners to determine if any suppliers or vendors were impacted by this vulnerability.

Specific questions? 

If you have a specific question about your product or solution, we encourage you to continue to engage with your normal support channels, who can provide you with the latest information. 
