Cyberark Products | Log4j Vulnerability

Some of the Cyberark Products like Privilege Cloud, Remote Access, Connector, Secure Web Sessions have been affected by Log4j Vulnerability and rest of the products like Cloud Entitlements Manager, EPM, HTML5 Gateway, Identity (excluding SWS), SIM, MarketPlace components, CPM Plugins,Secrets Manager have been unaffected by this. For the affected products fix or mitigation steps have been already provided by Cyberark team as noted below..

Cyberark ProductStatusPatched?
Cloud Entitlements ManagerNot VulnerableNot Needed
Endpoint Privilege Manager (EPM) – AgentsNot VulnerableNot Needed
Endpoint Privilege Manager (EPM) – EPM Server (On-Premise)Not VulnerableNot Needed
Endpoint Privilege Manager (EPM) – Service (SaaS)Not VulnerableNot Needed
HTML5 GatewayNot VulnerableNot Needed
Identity – Mobile AppNot VulnerableNot Needed
Identity – On-Premise ComponentsNot VulnerableNot Needed
Identity – Secure Web Sessions (SWS)VulnerablePatched
Identity – Service (SaaS)Not VulnerableNot Needed
Legacy Sensitive Information  (SIM)Not VulnerableNot Needed
Marketplace components – Certified and Trusted Marketplace ComponentsNot VulnerableNot Needed
Marketplace components – CPM PluginsNot VulnerableNot Needed
Marketplace components – PSM Connection ComponentsNot VulnerableNot Needed
On-Demand Privileges Manager (OPM)Not VulnerableNot Needed
PAS Self Hosted (Vault, PVWA, CPM, PSM, PSMP)Not VulnerableNot Needed
Privilege Cloud – On-Premise ComponentsNot VulnerableNot Needed
Privilege Cloud – Service (SaaS)VulnerablePatched
Privileged Threat Analytics (PTA)WorkaroundPatched
Remote Access (Alero) – ConnectorVulnerablePatched
Remote Access (Alero) – Mobile AppNot VulnerableNot Needed
Remote Access (Alero) – Service (SaaS)VulnerablePatched
Secrets Manager Conjur EnterpriseNot VulnerableNot Needed
Secrets Manager Credential ProvidersNot VulnerableNot Needed
Source: https://cyberark-customers.force.com/s/article/Critical-Vulnerability-CVE-2021-44228

Scroll to Top