Please find information related to the recently discovered Log4j2 vulnerability (CVE-2021-44228).
Please note that while many Ataccama customers are NOT impacted, action may be required if you are using a self-managed Ataccama ONE in v12/v13 or the Manta module. Please see the details below.
The following groups of customers are affected:
- Customers with the following modules in a self-managed deployment (Customer’s cloud, on-prem, public cloud, etc.): Ataccama ONE Data Governance and Data Quality (version 12.x or 13.x)
- Customers with the Manta data lineage module deployed on Customer's infrastructure.
Not affected customers
The following groups of customers are not affected:
- Customers using Ataccama's PaaS: Ataccama performed the necessary action to address the issue with top priority on Saturday, December 11th, 2021. We are not aware of any suspicious activity on production systems at this moment, but we are continuing to investigate all network traffic to confirm the vulnerability has not been exploited. If you use Customer-managed Manta in connection with the Ataccama PaaS, please refer to the section above.
- Customers using Ataccama PaaS /Hybrid (with DPE or Ataccama Desktop/IDE running in Customer’s environment): DPE or Ataccama Desktop/IDE is not impacted by the vulnerability.
- Customers using Ataccama MDM, RDM, DQIT, DQC in v12 or 13, or any Ataccama module in version 11 and lower.
Should you require any assistance with the process, please reach out to the Ataccama Support team via Help Desk or at firstname.lastname@example.org.