Chat now with support
Chat with Support

Apache Log4j Vulnerability Update

Quest is aware of, and continuously monitoring, the recent Apache Log4j Zero-Day vulnerability (CVE-2021-44228).   While our investigation is still ongoing, we have seen no signs of exploitation of the vulnerability in Quest and One Identity products and no impact to any hosted customer environmentcustomer data, or Quest internal systems.  In addition to our efforts, we are monitoring the remediation efforts of our suppliers and sub-processors.  


Our security and engineering teams have completed their Log4j vulnerability assessment of all supported Quest and One Identity products.  The Log4j impact assessment result for each product is posted in KB articles in our Knowledge Base on our support portal, and patches or mitigations for the limited number of products that use Log4j have been published and communicated to customers registered with and current on support, via our Critical Product Notifications.   


For information about a specific product, visit the support portal ( or and navigate to that product.