Log4j - SCIM bridge affected?

SaqibsSaqibs
edited December 2021 in SCIM Bridge

Hi all,

I have seen a post in a separate section on here stating the Log4j is vulnerability does not affect the 1Password app, I wanted to get further clarification that the SCIM bridge is not affected by the Log4j vulnerability.

Your help is appreciated.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Chas_1PChas_1P

    Team Member

    Hi @Saqibs

    Thanks for reaching out. All of our products and services, including the SCIM bridge, are not affected by the Log4j security bug. Our security teams have thoroughly reviewed all our code and, although we use Java for some internal tools and services, our review indicates that they were not directly exploitable. Our SCIM bridge does not use Java at all, and has no connection with Log4j.

    I hope that answers your question, but feel free to reach out again if you have any further questions.

    Chas

  • @Chas_1P

    Thank you for the comprehensive reply!

  • ag_anaag_ana 1Password Alumni

    On behalf of Chas, you are welcome @Saqibs! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • Why isn't there a simple statement or FAQ on the website support page about this

  • Hi @JasonRH. Thanks for the question and you make an excellent point. We agree and are working on adding an official response to our support page that includes the same information we shared here, and the reply we provided on Reddit.

  • rudyrudy

    Team Member

    @JasonRH,

    We have also published an official statement on our website: https://support.1password.com/kb/202112/

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file