Log4J Remote Code Execution (RCE) and Denial of Service (DoS) Vulnerabilities Update - December 17, 2021

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint has addressed the Log4J RCE and DoS vulnerabilities (CVE-2021-44228, CVE-2021-45046) by upgrading to Log4J 2.16.0.

IdentityIQ and File Access Manager customers can refer to the latest IdentityIQ blog post and File Access Manager blog post, respectively, for instructions on how to deploy the latest releases. IdentityIQ harvester is still being upgraded, and we expect the upgrade to be deployed later today. We will issue further communications once the updated IdentityIQ harvester has been deployed.

For IdentityNow and IdentityAI customers, Cloud Connector Gateway (CCG) version 658 has been automatically deployed. For customers who have not received the automatic update, SailPoint customer service is reaching out in order to upgrade those instances. The CCG version is visible to customer admins in the IdentityNow UI.

SailPoint has deployed the latest release of IdentityIQ harvester for IdentityAI, which addresses the Log4J Remote Code Execution (RCE) and Denial of Service (DoS) vulnerabilities (CVE-2021-44228, CVE-2021-45046) by upgrading to Log4J 2.16.0. No action is needed.