Update: Thursday 16th December 2021 13:30 GMT
Having done extensive testing, Puzzel is now confident that we have limited exposure to any attacks. Rest assured that Puzzel will implement any software patches that Verint provide over the coming days, and we will continue to monitor the solution both manually and through our security tools.
Please continue to monitor this page for further information.
Thursday 16th December 2021 11:30 GMT
We are shortly planning to re-enable access to the Verint Solutions.
In response to CVE-2021-44228, and while we wait for official software patches from Verint, Puzzel has taken some measures to secure the Verint platform against any attacks. Once we re-enable access, there may be some limitations in functionality as we have increased the security measures protecting the environment. We continue to work hard to ensure that all functionality is restored while making sure the platform is secure.
We will continue to keep you updated throughout the day.
Wednesday 15th December 2021 15:00 GMT
While we wait for Verint’s formal fixes, we have updated our security protection mechanisms and we are working to optimise and verify the solution to make sure we have mitigated any risks from this threat. We will continue to keep you updated.
Apache Log4J Vulnerability
Puzzel is aware of the recently identified Apache Log4J vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2021-44228
The following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
Puzzel has identified that the current version of Verint Workforce Engagement is potentially affected by this vulnerability and, as a precaution, we have temporarily disabled access to the following products:
- Verint Workforce Management
- Verint Quality Monitoring
- Verint Performance Management
- Verint Speech analytics
Verint are currently working on a fix for this issue and, as soon as it is released to Puzzel, we will deploy it during an emergency change window. In the meantime, we will look for ways to mitigate any risk and will work towards re-enabling access as soon as possible.
We will keep updating this page to give you the latest information.
Please read the attached document from our Chief Information Security Officer [CISO] for more information on the actions taken by Puzzel in this regard.