Safeguard for Privileged Sessions may be affected by the recent Apache Log4j 0-day vulnerability(CVE-2021-44228).
How does this affect me?
When Safeguard for Privileged Analytics is enabled, Safeguard for Privileged Sessions is potentially vulnerable to exploitation of the log4j vulnerability. Given the way log4j is used within the product, the likelihood of exploitability is low, but we are sending this notice and recommend taking protective action out of an abundance of caution. If Privileged Analytics is NOT enabled, you are not at risk.
The immediate workaround to remove any threat of the log4j vulnerability is to disable Safeguard Analytics functionality. This is the only component of Safeguard for Privileged Session that is impacted. Please refer to KB Article 336007 which provides instructions on how to disable this add-in.
In an effort to further protect our customers, we will be developing a hotfix which will be available for all supported versions of Safeguard for Privileged Sessions by 12/17/21 which will eliminate the vulnerability entirely allowing full usage of the Safeguard Analytics functions. We apologize for the inconvenience this issue may have caused and we are working quickly correct it.