CVE-2021-44228 log4j Vulnerability
Zscaler is aware of a critical severity vulnerability affecting the log4j library. The Zscaler Security Team is working closely with the engineering team to evaluate internal use of this library and to mitigate any affected components.
Zscaler will continue to monitor the situation and provide further updates.
Update 1 [2021-12-10 10:15 PM UTC] All ZPA public-facing services that use log4j have now been patched. No ZIA UI components are vulnerable.
Update 2 [2021-12-11 2:30 AM UTC] Zscaler Mobile Admin & Support Mobile Admin components are now patched. The Zscaler security team also performed an in-depth review and analysis to ensure our systems were not exploited.
Update 3 [2021-12-11 8:39 PM UTC] The Zscaler security team has analyzed the use of log4j in all its products. All uses of vulnerable libraries have been remediated, and the systems have been analyzed for compromise. No impact from this vulnerability was identified, and Zscaler is no longer affected.
For more details on the vulnerability and how you can protect your organization, please read our detailed Zscaler Security Research blog.