Once we were aware of the log4j vulnerability (CVE-2021-44228), the Tablet Command team started an investigation to determine if Tablet Command or any third-party vendors are affected. Here are our findings:
- Tablet Command does not utilize Apache log4j or Java directly in any of its applications or services; this includes backend services, mobile applications, and integration applications.
- Our web application firewall was updated on December 10 to address log4j and other exploits.
- We have also evaluated our third-party vendors and none are directly affected. Any third-party vendor that did have an exposure as a result of log4j has upgraded or patched to mitigate the vulnerability. We are continuing to monitor our third-party vendors.
Tablet Command takes data and infrastructure security very seriously. We partnered with Credio Partners for cyber security, run regular web penetration testing, and follow industry best practices. We continue to work with Credio and other partners to constantly evaluate and improve our cybersecurity position.
If you have any additional comments, please submit an email to firstname.lastname@example.org