Responsible Disclosure

• 4/6/2022 Applications affected by this vulnerability have been fully updated with the recommended fixes.
• 4/5/2022 Watermark is aware of the Spring4Shell Vulnerability and we are actively investigating and assessing if any of our applications are impacted. We will have further updates as information becomes available.

On December 9, 2021, a security vulnerability in Apache Log4j2 was publicly identified as being actively exploited in the wild. On December 14th, 2021, a new vulnerability was announced on Log4j2.15. On December 17th, 2021, a new vulnerability was announced on log4j2.x – 2.16.

• Update as of December 19th 8:00am EST – Watermark has patched the system components affected by the Log4j2.x – 2.16 vulnerability with log4j2.17.
• Update as of December 18th 11:00am EST – Watermark has deployed mitigating controls and we are actively patching system components affected by the Log4j2.x – 2.16 vulnerability with log4j2.17.
• Update as of December 17th 11:00am EST – Watermark has patched the system components affected by the Log4j2.15 vulnerability with log4j2.16.
• Update as of December 17th 8:00am EST – Watermark is actively patching the system components affected by the Log4j2.15 vulnerability with log4j2.16.
• Update as of December 15th 12:00pm EST – Watermark has patched the system components affected by the Log4j2 vulnerability with Log4j2.15.

Issue: Discovery of security issue by the National Vulnerability Database (CVE-2021-44228) affecting Apache component Log4j2. On Tuesday December 14th, a new vulnerability was discover affecting Log4j2.15 (CVE-2021-45046).
Impact and Remediation: Watermark has deployed mitigating controls and we are actively monitoring for this vulnerability and any new threats.

Next Update: Updates will also be posted as additional information becomes available.