Log4J Denial of Service (DoS) Vulnerability (CVE-2021-45105) update - December 18, 2021

Impacted Products: IdentityIQ and File Access Manager deployments where customers have modified out of the box pattern layouts in log4j2.properties.

SailPoint is aware of the recently-identified DoS vulnerability in Log4J (CVE-2021-45105) and have reviewed the vulnerability information provided by the Apache Logging Services Project. Based on our initial analysis, we do not believe this vulnerability impacts SailPoint products, with the exception of IdentityIQ or File Access Manager customers that have modified the out of the box pattern layouts in log4j2.properties to include the tokens identified in the CVE .

We will continue to analyze this issue and provide further guidance in the next few days.