Fivetran Impact Analysis of Log4j Vulnerabilities
Incident Report for Fivetran
We have received several inquiries regarding the recent Log4j Vulnerabilities. Below is the official report from Fivetran's Security Team:

Update on Log4j Vulnerabilities

Fivetran is not affected by the Log4j vulnerability (CVE-2021-44228) or its variants (CVE-2021-45046). Fivetran does not use Log4j in our core services and has been unaffected.

Fivetran’s Security Team has reviewed our sub-processors and confirmed they have mitigated this issue for any services used by Fivetran.

Additionally, Fivetran’s services integrate into hundreds of third party systems many of which provide their own SDKs or libraries for these integrations. Fivetran has audited these third party libraries, and if Log4j is included in any third party libraries Fivetran has removed or disabled it as it is not required for the operation of our services.

The above information also applies to HVR Software’s Hub and Remote Agents. HVR products are not affected by these vulnerabilities.
Posted Dec 11, 2021 - 01:00 UTC