Outage in Yieldify

CVE-2021-44228

Resolved Minor
December 10, 2021 - Started about 3 years ago
Official incident page

Need to monitor Yieldify outages?
Stay on top of outages with IsDown. Monitor the official status pages of all your vendors, SaaS, and tools, including Yieldify, and never miss an outage again.
Start Free Trial

Outage Details

Yieldify is actively following the security vulnerability found in the open-source Apache Log4j utility (CVE-2021-44228). The Apache Log4j utility is a commonly used library for logging requests in Java based projects and codebases. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code. On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.
Latest Updates ( sorted recent to last )
RESOLVED almost 3 years ago - at 01/25/2022 02:10PM

To follow best practices, all Log4j dependencies have been updated to use version 2.17.1 to address the vulnerabilities reported as CVE-2021-44832 and CVE-2021-45046.
We have continuously monitored our systems throughout the incident and we do not believe that our systems were compromised due to these vulnerabilities.

MONITORING about 3 years ago - at 12/17/2021 05:42PM

We are aware of an additional security advisory indicating that the fix to address CVE-2021-44228 in Log4j 2.15.0 does not remediate the vulnerability appropriately in certain configurations. This has been catalogued under CVE-2021-45046.

Although we do not currently believe that our systems are at risk due to this latest vulnerability, we will keep a close eye on the situation in case new vulnerabilities or bypasses are discovered and we will be updating all versions of Log4j to 2.16.0 in the coming weeks.

MONITORING about 3 years ago - at 12/14/2021 09:22PM

Our team has completed a thorough review of our codebases, dependencies, and suppliers. The relevant systems have now been patched and we do not have any further reason to believe that the Yieldify Conversion Platform may be impacted by this vulnerability.

We will continue to monitor the situation closely.

IDENTIFIED about 3 years ago - at 12/14/2021 01:29PM

Any potential use of log4j within our systems is being investigated. We are also monitoring the situation with our suppliers.

Throughout this incident, we have been continuously monitoring our egress traffic via our SIEM (Lacework) and no abnormal egress traffic has been detected.

IDENTIFIED about 3 years ago - at 12/14/2021 01:28PM

Yieldify is actively following the security vulnerability found in the open-source Apache Log4j utility (CVE-2021-44228).

The Apache Log4j utility is a commonly used library for logging requests in Java based projects and codebases. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code.

On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from remote servers when message lookup substitution is enabled.

Latest Yieldify outages

Auth0 elevated error rate - about 3 years ago
Fastly Outage - over 3 years ago

Be the first to know when Yieldify and other third-party services go down

With IsDown, you can monitor all your critical services' official status pages from one centralized dashboard and receive instant alerts the moment an outage is detected. Say goodbye to constantly checking multiple sites for updates and stay ahead of outages with IsDown.

Start free trial

No credit card required · Cancel anytime · 3278 services available

Integrations with Slack Microsoft Teams Google Chat Datadog PagerDuty Zapier Discord Webhook

Setup in 5 minutes or less

How much time you'll save your team, by having the outages information close to them?

14-day free trial · No credit card required · Cancel anytime