BACKGROUND:
The Log4j2 vulnerability allows an attacker to execute code on a remote server. This is called ‘remote code execution’ (RCE). Log4j2 is a logging package written in Java and is frequently used by applications written in Java.
HOW THIS AFFECTS COMPANIES USING ZUAR SOLUTIONS:
It is true that the products of numerous companies operating in the data pipeline and visualization space have been identified as having exposure to the Log4j vulnerability. Fortunately, no Zuar products are written in Java, so no Zuar products are susceptible to the vulnerability.
THIRD-PARTY CONSIDERATIONS:
As we are a Premier Technology Partner for Tableau, we expect some customers of Zuar’s Mitto ELT solution may have installed Tableau’s tabcmd software on their instance in order to perform Tableau Export jobs.
In 2020, we released Mitto Export jobs as a replacement for Tableau Export jobs. Mitto Export jobs do not utilize tabcmnd. If Mitto customers are using the deprecated Tableau Export jobs within Mitto, we encourage you to update to Mitto Export jobs.
You can learn more about Mitto Export jobs here: Mitto Job: Export — Mitto
For any questions about Tableau Software, we encourage you to review current and forthcoming Log4j updates from Tableau and Salesforce:
https://help.salesforce.com/s/articleView?id=000363736&type=1
SUPPORT LINKS:
If you have any questions or concerns, please do not hesitate to connect with Zuar.
If you haven’t already, register with the Zuar Community and important updates like this will be sent directly to your inbox.