Log4j Update

December 15, 2021

Laptop with codeProvation is monitoring the developing security event related to the remote code execution vulnerability in the Apache Log4j 2 utility, a logging service used in many Java-based applications (CVE-2021-44228). We are deeply committed to the security of our solutions and the security posture of our customers.

Out of an abundance of caution, Provation diligently investigates all potential threats to our products. Upon disclosure of this vulnerability, an internal investigation was immediately initiated. This active investigation includes a deep analysis of Provation software as well as other tools and third parties that we utilize. To date, we have not discovered any exploitable Log4j 2 vulnerabilities in our applications or services.

In accordance with best security practices, Provation recommends that customers work with their internal IT personnel to assess their environments for any vulnerabilities and implement whatever remediations are necessary, especially those concerning the Log4j 2 issue referenced above.

We continue to be committed to our purpose: To empower Providers to deliver quality healthcare for all.