Information Security Notices

Talkdesk Partners

Talkdesk Update on Spring4Shell Vulnerability

Status: Closed.

At Talkdesk, we prioritize the security of our customers and are committed to ongoing improvements. To keep our customers informed, we offer an up-to-date overview of our response to the critical Spring4Shell vulnerability.

How Talkdesk has responded

The vulnerability exists in spring-boot versions lower than 2.6.6; we have upgraded to versions greater than 2.6.6 to fix it. While CVE-2022-22963 affects only spring-cloud applications, CVE-2022-22965 affects all spring-boot applications. The security team created tasks for each team to fix their respective applications.

Update: October 2022

Talkdesk is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963 and CVE-2022-22965), generally referred to as Spring4Shell. These vulnerabilities potentially enable an attacker to execute arbitrary code, resulting in the worst case in a full remote code execution (RCE) compromise.

Talkdesk is actively monitoring the still-evolving situation and updates with regard to the Java Spring Framework, and our Security team is actively evaluating how this vulnerability may affect Talkdesk products and services.

We will provide updates as more information becomes available and we complete our investigation. If you have further questions, please reach out to your customer support manager or our Support team.

Talkdesk Update on the Log4j Vulnerability

Status: Closed.

At Talkdesk we take the security of our customers very seriously and strive to continuously improve it. To keep our customers informed, we provide an updated overview of our response to the recent critical CVE-2021-44228 vulnerability in the Java logging library Log4j.

How Talkdesk has responded

Talkdesk became aware of the critical vulnerability identified in CVE-2021-44228 (Log4Shell) on December 10, 2021 and immediately started the vulnerability management process to evaluate potential impact and areas of risk to Talkdesk. Our security and engineering teams promptly began steps to remediate any potential exposure, while patching and monitoring for any indicators of compromise through the implementation of detective and preventive controls.

At this time we have not identified any exploitation in our services, and we are not aware of any impact to any customer account.

Talkdesk is also actively assessing this risk in our supply chain and will continue to work with our supply chain vendors until we are assured that no risk is posed to our system.

If Talkdesk becomes aware of unauthorized access to our environment, we will notify impacted customers without unnecessary delay.

Update April 1, 2022

Talkdesk has fully remediated the Log4j vulnerability identified in CVE-2021-44228, CVE-2021-44832, CVE-2021-45105, and CVE-2021-45046. Talkdesk will continue to monitor for further developments related to Log4j vulnerabilities and respond accordingly.

Update January 25, 2022

Talkdesk has addressed the vulnerabilities associated with CVE-2021-44228, CVE-2021-44832, and CVE-2021-45046 by applying the proper patches provided by software manufacturers.

Talkdesk will continue to monitor developments related to Log4j vulnerabilities and act quickly. We appreciate your trust in us.

Update December 29, 2021

Talkdesk continues to follow our vulnerability management process and to remediate the vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. Thus far, we believe that every customer-facing service is appropriately remediated.

In addition, for the near term, Talkdesk will periodically assess our supply chain to determine the extent to which it is impacted by the Log4j vulnerability and ensure all steps have been taken toward remediation.

Talkdesk’s security team continues to maintain additional controls intended to detect and prevent exploitation of our environment. In case of any relevant developments, Talkdesk will keep updating this site accordingly.

Update December 20, 2021

Following our vulnerability management process, Talkdesk is responding to the recent vulnerabilities announced in CVE-2021-4104 and CVE-2021-45046. Talkdesk is aware of the recent updates made by Apache concerning CVE-2021-45046 and is evaluating the potential impact of this advisory and following applicable remediation processes.

While that process is ongoing, Talkdesk’s security team continues to monitor for any indicators of compromise through the usage of detective and preventive controls.