Information Security Notices
Talkdesk Update on Spring4Shell Vulnerability
Talkdesk is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963 and CVE-2022-22965), generally referred to as Spring4Shell. These vulnerabilities potentially enable an attacker to execute arbitrary code, resulting, in the worst case, in full remote code execution (RCE) compromise.
Talkdesk is actively monitoring the still-evolving situation and updates regarding the Java Spring Framework, and our Security team is actively evaluating how this vulnerability may affect Talkdesk products and services.
We will provide updates as more information becomes available and we complete our investigation. If you have further questions, please reach out to your customer support manager or our Support team.
Talkdesk Update on the Log4j Vulnerability
At Talkdesk we take the security of our customers very seriously and strive to continuously improve it. To keep our customers informed, we provide an updated overview of our response to the recent critical CVE-2021-44228 vulnerability in the Java logging library Log4j.
How Talkdesk has responded
Talkdesk became aware of the critical vulnerability identified in CVE-2021-44228 (Log4Shell) on December 10, 2021 and immediately started the vulnerability management process to evaluate potential impact and areas of risk to Talkdesk. Our security and engineering teams promptly began steps to remediate any potential exposure, while patching and monitoring for any indicators of compromise through the implementation of detective and preventive controls.
At this time we have not identified any exploitation in our services, and we are not aware of any impact to any customer account.
Talkdesk is also actively assessing this risk in our supply chain and will continue to work with our supply chain vendors until we are assured that no risk is posed to our system.
If Talkdesk becomes aware of unauthorized access to our environment, we will notify impacted customers without unnecessary delay.
Update April 1, 2022
Talkdesk has fully remediated the Log4j vulnerability identified in CVE-2021-44228, CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046. Talkdesk will continue to monitor for further developments related to Log4j vulnerabilities and respond accordingly.
Update January 25, 2022
Talkdesk has addressed the vulnerabilities associated with CVE-2021-44228, CVE-2021-44832, and CVE-2021-45046 by applying the proper patches provided by software manufacturers.
Talkdesk will continue to monitor developments related to Log4j vulnerabilities and act quickly. We appreciate your trust in us.
Update December 29, 2021
Talkdesk continues to follow our vulnerability management process and to remediate the vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. Thus far, we believe that every customer-facing service is appropriately remediated.
In addition, for the near term, Talkdesk will periodically assess our supply chain to determine the extent to which they are impacted by the Log4j vulnerability and ensure all steps have been taken toward remediation.
Talkdesk’s security team continues to maintain additional controls intended to detect and prevent exploitation of our environment. In case of any relevant developments, Talkdesk will keep updating this site accordingly.
Update December 20, 2021
Following our vulnerability management process, Talkdesk is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. Talkdesk is aware of the recent updates made by Apache concerning CVE-2021-45046 and is evaluating the potential impact of this advisory and following applicable remediation processes.
While that process is ongoing, Talkdesk’s security team continues to monitor for any indicators of compromise through the usage of detective and preventive controls.