...
Luma 1.x is not vulnerable. The Logging libraries used are not vulnerable.
Luma Virtual Agent (Luma 2.x): Risks are mitigated for Demo as well as production all environments.
Luma Automation: Risks are mitigated for all environments.
Intelligent Service Management (ISM): Risks are mitigated for all environments. The main component ‘Service desk’ uses Log4j older version (1.x) and is not vulnerable.
The other services or components that use the newer version of Log4j (2.x) have been patched.Luma Knowledge: Patch has been applied to mitigate the risk. The Elastic Search component of Luma Knowledge has been restarted.
We are actively remediating the working to identify and remediate any potential vulnerability across all products to protect all customers and their data. We will continue to provide details of the Log4j compromise until the risk is completely mitigated.
For more information, please log a ticket or drop an email with contact the Serviceaide Support team.