In case you haven’t heard about the widespread log4j vulnerabilities, most experts are calling this the biggest exposure(s) in the history of the internet. According to Jen Easterly, director of Cybersecurity and Infrastructure Security Agency (CISA), “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.” The data and analytics ecosystem is certainly also affected. If the vulnerabilities are not addressed, hackers could tap into computer servers, applications, and devices—accessing an organization’s data and analytics. Two things you can immediately do include: If you are self-hosting any affected software (see list below), we recommend removing any internet-facing applications and immediately remediating the situation. If you use any affected cloud/SaaS/multitenant software that does not automatically use the most current version, we recommend contacting the vendor immediately to update to the newest remediated version. How These logj4 Vulnerabilities Affect Data and Analytics Tools’ Exposure As of Jan. 14, 2022, here’s a summary of Analytics8’s understanding of data and analytics tools’ exposure. Note: Custom configurations or custom builds – especially those involving custom logging – may introduce vulnerabilities. The lists below assume default configurations. Cloud / SaaS / Multitenant Vulnerable: Non-supported versions of Looker (i.e. NOT versions 21.0, 21.6, 21.12, 21.16, 21.18, or 21.20) Vulnerable, remediation identified but not yet fully implemented: None known No longer vulnerable: Salesforce Sales Cloud Service Cloud B2C Commerce Cloud Force.com Data.com Community Cloud Mulesoft Cloud Datorama Pardot Einstein Slack Looker 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 Tableau Online Never Vulnerable / Not Affected: Snowflake dbt Cloud Microsoft Power BI Fivetran Unknown: Birst On-Prem / Self-hosted Vulnerable with no known remediation: Birst self-hosted Vulnerable with remediation available: Self-hosted versions of Looker Tableau family of products Qlik GeoAnalytics GeoAnalytics Plus Compose for Data Lakes version 6.6 Compose for Data Warehouses versions 6.6, 6.6.1, 7.0 Compose versions 2021.2, 2021.5, 2021.8 Enterprise Manager versions 6.6, 7.0, 2021.5, 2021.11 Replicate versions 6.6, 7.0, 2021.5, 2021.11 Qlik Catalog – May 2021 release and onward Mulesoft self-hosted Matillion family of products SAP Business Objects family of products Never Vulnerable / Not Affected: dbt self-hosted Microsoft Power BI – all products Qlik – all products NOT listed above UniverseBridge QlikMaps If anything reported is in error, please let us know! As we learn more, we will keep this post updated. Talk With a Data Analytics Expert "*" indicates required fields First Name* First Last Name* Last Company Email* Phone Number*Job PositionPlease SelectIT- DeveloperIT- AnalystIT- Systems EngineerIT- ManagerIT- Dir/VPCIOCOOCTOMarketing- PractitionerMarketing- MgrMarketing- Dir/ VPMarketing- CMOSales- ProfessionalSales- Mgr/DirSales- VP/ExecProject ManagerFinance- ProfessionalFinance- Mgmt/ ExecCEO/PresidentConsultantCustomer ServiceJob Seeker/StudentOtherCompany Name*Company Location*Please SelectUnited StatesCanadaAustriaBelgiumBulgariaCroatiaCyprusGreeceDenmarkLuxembourgIrelandHungaryFinlandFranceGermanyPortugalPolandItalySpainNetherlandsSwedenSlovakiaSouth AfricaSwitzerlandAustraliaUnited KingdomNew ZealandMexicoEthiopiaPhilippinesSwazilandKenyaLiberiaIndonesiaSaudi ArabiaTrinidad and TobagoColombiaSyriaPeople's Republic of ChinaUnited Arab EmiratesKoreaNigeriaNepalAlgeriaPakistanGhanaChileHong KongArgentinaCzech RepublicPeruSierra LeoneIvory CoastKuwaitZimbabweRwandaBrazilIranUgandaEcuadorEgyptCameroonMauritiusAlbaniaIsraelSaint Kitts and NevisJapanTurkeyRomaniaSloveniaBangladeshSingaporeTunisiaIndiaLithuaniaUkraineGuatemalaNorwayRussiaMalaysiaBoliviaSerbiaUruguaySenegalDominicaChinaVietnamBahrainYemenEast TimorBelarusPalestinian TerritoryMaltaPanamaTaiwanQatarMadagascarLebanonJamaicaChristmas IslandSudanAndorraHaitiEstoniaAntigua and BarbudaKazakhstanPuerto RicoCosta RicaGuamSomaliaSri LankaBermudaTogoJerseyMayotteAmerican SamoaLatviaBahamasOmanEl SalvadorAfghanistanBotswanaSouth SudanCôte d'IvoireMoroccoChadThailandVenezuelaAngolaArmeniaAntarcticaGambiaCubaGrenadaAnguillaBeninBurkina FasoMontserratZambiaCuracaoNorth KoreaBonaire, Saint Eustatiusand SabaAland IslandsFrench PolynesiaDemocratic Republic of the CongoMaliHondurasCentral African RepublicRepublic of the CongoBarbadosNigerRussian FederationNicaraguaCocos (Keeling) IslandsFrench GuianaMontenegroTanzaniaNamibiaJordanUnited States MinorOutlying IslandsDominican RepublicIcelandFijiBurundiArubaIraqMacedoniaBruneiMongoliaParaguayPapua New GuineaCambodiaMalawiSolomon IslandsTongaAzerbaijanSan MarinoGeorgiaDjiboutiUzbekistanState*Please SelectAlabamaAlaskaAmerican SamoaArizonaArkansasCaliforniaColoradoConnecticutDelawareDistrict of ColumbiaFloridaGeorgiaGuamHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNew HampshireNew JerseyNew MexicoNew YorkNorth CarolinaNorth DakotaNorthern Mariana IslandsOhioOklahomaOregonPennsylvaniaPuerto RicoRhode IslandSouth CarolinaSouth DakotaTennesseeTexasUtahU.S. Virgin IslandsVermontVirginiaWashingtonWest VirginiaWisconsinWyomingArmed Forces AmericasArmed Forces EuropeArmed Forces PacificProvince*Please SelectAlbertaBritish ColumbiaManitobaNew BrunswickNewfoundland and LabradorNorthwest TerritoriesNova ScotiaNunavutOntarioPrince Edward IslandQuebecSaskatchewanYukonHow did you hear about us?Comments*By checking this box, you agree to our Privacy Policy, and we may contact you about our products and services. You can opt out of our communications at any time by visiting our Subscription Center.By checking this box, you agree to our Privacy Policy, and we may contact you about our products and services. You can opt out of our communications at any time by visiting our Subscription Center. I agree to receive communications from Analytics8.CAPTCHAThis field is hidden when viewing the formClient IDThis field is hidden when viewing the formUTM SourceThis field is hidden when viewing the formUTM MediumThis field is hidden when viewing the formUTM CampaignThis field is hidden when viewing the formUTM ContentThis field is hidden when viewing the formUTM TermCommentsThis field is for validation purposes and should be left unchanged.
