Apache Log4j2
Incident Report for Lever
Update
Our team is continuing to remediate vulnerabilities as soon as they are found and will continue to assess and monitor our environment. We’ve recently identified two more vendor supplied internal software tools that contained the vulnerable library. Those tools were patched with the recommended patches as supplied by the vendors. We have not detected any impact to any data. Please watch for communications from Lever with additional details as they are available.

----

Lever is committed to the protection and safety of your data. We are aware of the recently disclosed Apache Log4j2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832). We are actively monitoring this issue and are working to remediate any Lever services that use the vulnerable component Log4j. We appreciate your trust in us as we continue to make your success our top priority.

For more information, please review CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 and the Apache Log4j2 post. Updates will also be posted to https://status.lever.co as additional information becomes available.
Posted Dec 29, 2021 - 17:53 PST
Update
Our team has remediated where vulnerabilities have been found and will continue to assess and monitor our environment. Please watch for communications from Lever with additional details as they are available.
Posted Dec 21, 2021 - 10:35 PST
Monitoring
Lever is committed to the protection and safety of your data. We are aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105). We are actively monitoring this issue and are working to remediate any Lever services that use the vulnerable component Log4j. We appreciate your trust in us as we continue to make your success our top priority.

For more information, please review CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105, and the Apache Log4j2 post. Updates will also be posted to https://status.lever.co/ as additional information becomes available.
Posted Dec 13, 2021 - 12:25 PST
This incident affects: EU Data Center - LeverTRM (Hire) and Global Data Center - LeverTRM (Hire).