Latest update of this post: 20/12/2021, 06:50 CET
 
Tableau and Salesforce, among many other software vendors, are working on updates and actions related to the recently uncovered (December 15th 2021) vulnerability designated as CVE-2021-44228 (also known as the Apache Log4j2 Vulnerability). On December 19th 2021, the additional vulnerabilities CVE-2021-45046 and CVE-2021-45105 popped up on the radar.
 
Biztory provides you with additional information as to what has happened and what is happening in the coming days.

What's impacted by the Apache Log4j2 Vulnerability?

Tableau

Snowflake

Fivetran

  • On Friday December 10, 2021 after CVE-2021-44228 was disclosed, Fivetran’s Engineering and AppSec teams reviewed the Fivetran services to determine if Log4j was used anywhere in our services. This review determined that Log4j is not used by Fivetran’s core services and customer data remains secure.

Actions to be Taken

Patches for Tableau Server and other on-premise products have been released.

All customers should download and install these updates, patched versions as soon as possible. These releases apply to versions 2020.4 through 2021.4. If you're using an older version of Tableau, you must upgrade to one of these more recent versions.

Update: in the light of multiple vulnerabilities having been identified, two subsequent releases of Tableau software have taken place:

  • On December 15th 2021 for CVE-2021-44228.
  • On December 19th 2021 for CVE-2021-44228 and CVE-2021-45046.

If your latest update is the December 15, 2021 release or prior, if it advised to take steps to mitigate both vulnerabilities by updating to the very latest version.

Optionally, to allow for some time to roll out the upgrade, one can consider following Tableau's official mitigation steps as a temporary measure until ready to upgrade to a patched version.

Official information

CVE-2021-44228 (also known as the Apache Log4j2 Vulnerability).

Snowflake updates

Saleforce / Tableau updates

Fivetran updates: see official statement above

Psssst... never miss out!

We'll keep you updated* with our latest knowledge and share our newest events (e.g. training, webinars).
 
*You receive max. two newsletters a month, and you can unsubscribe at any time.