It seems some of the SalesForce Services and products were also impacted due to Log4j vulnerability. SalesForce has actively started patching some of it’s vulnerabilities.Except Heroku almost all SalesForce services and products are affected by this Log4j Vulnerability. Some of the products in the below table have been already patched.
| Service/Product | Status | Patched? |
|---|---|---|
| Sales Cloud | Vulnerable | Patch in Progress |
| Service Cloud | Vulnerable | Patch in Progress |
| Community Cloud | Vulnerable | Patch in Progress |
| B2C Commerce Cloud | Vulnerable | Patch in Progress |
| Analytics Cloud | Vulnerable | Patched & Updated |
| Force.com | Vulnerable | Patch in Progress |
| Social Studio | Vulnerable | Patch in Progress |
| Datorama | Vulnerable | Patch in Progress |
| Pardot | Vulnerable | Patch in Progress |
| Data.com | Vulnerable | Patch in Progress |
| Heroku | Not Vulnerable | Not Needed |
| Marketing Cloud | Vulnerable | Patch in Progress |
| MuleSoft (Cloud) | Vulnerable | Patch in Progress |
| MuleSoft (On-Premise) | Vulnerable | Patch might be there. |
| ClickSoft (As-a-Service) | Vulnerable | Patch in Progress |
| ClickSoft (On-Premise) | Vulnerable | Patch might be there. |
| Tableau (Online) | Vulnerable | Patch in Progress |
| Tableau (On-Premise) | Vulnerable | Patch might be there. |
| Slack | Vulnerable | Patch in Progress |
| Evergage (Interaction Studio) | Vulnerable | Patched & Updated |
For some of the On-premise versions like MuleSoft, ClickSoft and Tableau, users might need to contact Customer Support about the patch availability or the remediation Steps. SalesForce continues to monitor and prevent any exploitation attempts of Customer data. They have also said Customers would be intimated if they detect any kind of suspicious activity on their Systems.