Apache Log4j2
Incident Report for Lever
Resolved
Lever is committed to the protection and safety of your data. We have adapted our approach as the log4j vulnerabilities evolved (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105).

We have completed a full scan of our environment for vulnerable versions of log4j.
We have upgraded 2 affected backend systems where vulnerable log4j has been found.
We have added additional monitoring for the types of applications that may try to run vulnerable log4j libraries.
We have tuned our security monitoring software to alert on behavior that would indicate a log4j compromise.

We appreciate your trust in us as we continue to make your success our top priority. For more information, please review CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 and the Apache Log4j2 post.
Posted Jan 31, 2022 - 09:37 PST
Update
Our team is continuing to remediate vulnerabilities as soon as they are found and will continue to assess and monitor our environment. We’ve recently identified two more vendor supplied internal software tools that contained the vulnerable library. Those tools were patched with the recommended patches as supplied by the vendors. We have not detected any impact to any data. Please watch for communications from Lever with additional details as they are available.

----

Lever is committed to the protection and safety of your data. We are aware of the recently disclosed Apache Log4j2 vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832). We are actively monitoring this issue and are working to remediate any Lever services that use the vulnerable component Log4j. We appreciate your trust in us as we continue to make your success our top priority.

For more information, please review CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 and the Apache Log4j2 post. Updates will also be posted to https://status.lever.co as additional information becomes available.
Posted Dec 29, 2021 - 17:53 PST
Update
Our team has remediated where vulnerabilities have been found and will continue to assess and monitor our environment. Please watch for communications from Lever with additional details as they are available.
Posted Dec 21, 2021 - 10:35 PST
Monitoring
Lever is committed to the protection and safety of your data. We are aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105). We are actively monitoring this issue and are working to remediate any Lever services that use the vulnerable component Log4j. We appreciate your trust in us as we continue to make your success our top priority.

For more information, please review CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105, and the Apache Log4j2 post. Updates will also be posted to https://status.lever.co/ as additional information becomes available.
Posted Dec 13, 2021 - 12:25 PST
This incident affected: Global Data Center - LeverTRM (Hire) and EU Data Center - LeverTRM (Hire).