KnowBe4 is aware of the recent log4j vulnerability (CVE-2021-44228) and has been investigating this issue in-depth. We can confirm that no KnowBe4 products are affected by this at this time and therefore no actions are required to be taken by our customers.
In addition to investigating our products, we have and will continue to investigate third party software and applications used by KnowBe4 to determine if any are affected. For any third party software or applications KnowBe4 uses where a recommended mitigation was determined to be needed, we have implemented those recommended mitigations. We have also inspected audit trail logs for these systems and can confirm at this time there are no systems or data that have been affected.
Since we expect this issue to continue to evolve, we will continue to actively monitor our environment, and our third party advisories for new developments. We will actively monitor logs and will continue to apply any additional recommended mitigations. Should any further status updates be necessary we will provide those in a timely manner when appropriate.
