Need to monitor Yieldify outages?
Stay on top of outages with IsDown. Monitor the official status pages of all your vendors, SaaS, and tools, including Yieldify, and never miss an outage again.
Start Free Trial
To follow best practices, all Log4j dependencies have been updated to use version 2.17.1 to address the vulnerabilities reported as CVE-2021-44832 and CVE-2021-45046.
We have continuously monitored our systems throughout the incident and we do not believe that our systems were compromised due to these vulnerabilities.
We are aware of an additional security advisory indicating that the fix to address CVE-2021-44228 in Log4j 2.15.0 does not remediate the vulnerability appropriately in certain configurations. This has been catalogued under CVE-2021-45046.
Although we do not currently believe that our systems are at risk due to this latest vulnerability, we will keep a close eye on the situation in case new vulnerabilities or bypasses are discovered and we will be updating all versions of Log4j to 2.16.0 in the coming weeks.
Our team has completed a thorough review of our codebases, dependencies, and suppliers. The relevant systems have now been patched and we do not have any further reason to believe that the Yieldify Conversion Platform may be impacted by this vulnerability.
We will continue to monitor the situation closely.
Any potential use of log4j within our systems is being investigated. We are also monitoring the situation with our suppliers.
Throughout this incident, we have been continuously monitoring our egress traffic via our SIEM (Lacework) and no abnormal egress traffic has been detected.
Yieldify is actively following the security vulnerability found in the open-source Apache Log4j utility (CVE-2021-44228).
The Apache Log4j utility is a commonly used library for logging requests in Java based projects and codebases. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.
On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.
With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.
Start free trialNo credit card required · Cancel anytime · 3278 services available
Integrations with
How much time you'll save your team, by having the outages information close to them?
14-day free trial · No credit card required · Cancel anytime