PatSnap’s Log4j Vulnerability Statement
On December 10, 2021, PatSnap’s engineering team was made aware of a potential vulnerability relating to Log4j (CVE-2021-44228 and CVE-2021-45046), which is a logging tool used in many Java-based applications. Our team promptly identified the impact and scope of the potential Log4j vulnerability, and PatSnap instituted an action plan to protect PatSnap’s systems.
As of December 16, 2021, PatSnap has taken the following actions in connection with the aforementioned action plan:
- PatSnap has instituted a system-wide update, upgrading the Log4j component to version 2.16 with respect to all of PatSnap’s online services, including, but not limited to, PatSnap’s official website, Analytics, Insights, Discovery, Chemical, Bio, Academy and Connect;
- PatSnap has deployed AWS WAF (Web Application Firewall) to help analyze, evaluate and mitigate any malicious web traffic; and
- PatSnap has commenced periodic monitoring and security scans of our online services to address any such Log4j vulnerabilities.