Why Proofpoint

Proofpoint’s Response to the Log4j Vulnerability

At Proofpoint, as in many organizations, it’s been an all hands on deck exercise since details emerged around CVE-2021-44228 (also known as Log4Shell). In situations like these, we bring together our global teams to identify and remedy any risks to customer environments as well as investigate any exposure we may have ourselves.

Once the Log4j vulnerability was disclosed and over the weekend, we posted guidance to our Communities site for Proofpoint customers and relayed status via our global support teams. However, given the serious risk and security community attention on this vulnerability, we’re posting our latest status as a public blog as well. Please see below for the full table for the details on the applicability of CVE-2021-44228 on individual Proofpoint products.

In addition, we always try to share our own work in detecting exploitation of vulnerabilities--especially one as widespread as Log4Shell vulnerabilities—for free. We’ve updated the Emerging Threats Open ruleset several times with additional signatures for Snort and Suricata, and it’s easy to get the latest via the instructions here.

We are aware of another vulnerability that impacts log4j2, CVE-2021-45046, as well as changes to the effectiveness of countermeasures.  Remediation for these issues is complete.

We are aware of CVE-2021-45105 and CVE-2021-44832, which affect log4j2, and have assessed their impact/severity.  Based on the currently available information, we plan to address these issues as part of our normal patch and vulnerability management processes.

We’ll continue providing updates first through our normal channels (Communities and Support), which should be consulted first, but will also keep this blog current. We recommend you check back frequently to confirm the latest status of our products. In the meantime, our thoughts are with all the security teams who are working nights and weekends to protect their organizations.

Product Status
Archiving Appliance Impacted, remediation implemented 
Archiving Backend Impacted, remediation implemented
Cloud App Security Broker Impacted, remediation implemented
Cloudmark Cloud/Cloudmark Hybrid Impacted, remediation implemented
Cloudmark on Premise Not Impacted
Content Patrol Not Impacted
Data Discover Not Impacted
DLP Core Engine Not Impacted
Email Continuity Impacted, remediation implemented
Email Fraud Defense (EFD) Impacted, remediation implemented
Email Protection on Demand (PoD), including Email DLP and Email Encryption Impacted, remediation implemented
Email Protection On-Premises (PPS), including Email DLP and Email Encryption Impacted, remediation implemented. If your deployment is configured to manually apply patches, please reach out to support for help or to verify if the remediation was applied
Email Security Relay Impacted, remediation implemented
Endpoint DLP Not Impacted
Essentials Archive Impacted, remediation implemented
Essentials Email Not Impacted
Insider Threat Management On-prem Not Impacted
Insider Threat Management SaaS Impacted, remediation implemented
Insider Threat Management SaaS Endpoint Agents Not Impacted
Isolation Not Impacted
Meta/ZTNA Not Impacted
Nexus People Risk Explorer Not Impacted
Proofpoint Compliance Gateway Impacted, remediation implemented
Secure Email Relay Impacted, remediation implemented
Secure Share Not Impacted
Security Awareness Training Impacted, remediation implemented
Sentrion 4.4 or earlier Not Impacted
Sentrion 4.5 Impacted, remediation implemented -Please reach out to support for help or to verify if the remediation was applied
Social Discover Not Impacted
SocialPatrol Impacted, remediation implemented
SocialWare Not Impacted
Targeted Attack Protection (TAP) Not Impacted
Threat Response (TRAP) Not Impacted
Web Security Impacted, remediation implemented

Impacted, remediation implemented = Proofpoint product used a version of the Log4j software identified as vulnerable in CVE-2020-44228 and Proofpoint has implemented the open source project's recommended mitigation

Impacted, remediation in progress = Proofpoint product uses a version of the Log4j software identified as vulnerable in CVE-2020-44228 and Proofpoint is in the process of implementing the open source project's recommended mitigation

Not Impacted = Proofpoint product does not use a Log4j version vulnerable to CVE-2021-44228

Is your organization protected from targeted attacks? Learn about Ransomware Attacks.

Subscribe to the Proofpoint Blog