illustration of a padlock on a backlit hexagonal surfaceillustration of a padlock on a backlit hexagonal surface

Customer

Information About the Apache Log4j Vulnerability

By   |  

On Dec. 10, we posted a Dell Security Notice about the Apache Log4j vulnerability. This notice is where our customers can find all critical, up-to-date information including an FAQ and a list of Dell impacted products. Now, let me break down the other details you need to know.

    • To date, we’ve assessed 97% of our product offerings, the majority of which are not impacted. We are working quickly to assess the rest of our products.
    • For many of the impacted products, we have already begun posting remediations and workarounds and expect more to be posted on Dec. 15. We’ll continue to communicate remediations and workarounds via the Dell Security Notice as they become available.
    • We recommend Dell Customers subscribe to our security alerts service to be notified when new patches are published.
    • Customers can view our assessment and remediation planning progress against the full list of Dell products in this impacted products document.
    • We’ve mitigated the vulnerability in the hosted platforms on our corporate network that serve our customers.

If you have questions, please reach out to customer support. The security of our network and products is a top priority and critical to protecting our customers. Our teams have been working around the clock to address this issue since it became publicly known, and we will not rest until all known issues have been resolved on behalf of our customers, and we will not rest until all known issues have been resolved on behalf of our customers.

John Scimone

About the Author: John Scimone

John Scimone serves as President, Chief Security Officer for Dell Technologies, where he leads the company’s global corporate security and resiliency programs. John’s responsibilities span the full spectrum of strategy, planning and operations, aiding the Dell Technologies businesses in the management of security risk across the physical and cyber domains. He is also charged with the advocacy of business resilience, including crisis management, business continuity and disaster recovery. Before joining Dell Technologies, John served as the Global Chief Information Security Officer for the Sony Group family of companies where he was responsible for building Sony’s first global information security and privacy organization and leading strategy, policy and operations. Prior to joining Sony, he also held a number of leadership positions at the U.S. Department of Defense (DoD), including as Director of Security Operations for the Secretary of Defense's communications office, where he led the facility, personnel and cybersecurity programs. John formerly served as a member of a predecessor organization of U.S. Cyber Command, where he led the development of enterprise information security programs that protected information belonging to the DoD’s more than two million employees. John holds a Bachelor of Science in Computer Science from Georgia Institute of Technology.