SKILLSOFT COMMUNICATION REGARDING LOG4J
Is Skillsoft currently vulnerable to Log4j exploits?
No, the proactive actions undertaken by Skillsoft on Friday, December 10, 2021, during the unscheduled maintenance period, have addressed all related Log4j vulnerabilities in both application and infrastructure for all Skillsoft Hosted Services.
Have there been any breaches in Skillsoft Hosted Services as a result of the Log4j vulnerability?
No, detailed security audits performed across all Skillsoft Hosted Services confirmed that at no time were customer sites or data exposed because of the Log4j vulnerability.
Was Skillsoft able to protect itself from Log4j exploits?
Yes, this was the purpose of invoking the precautionary emergency maintenance window on Friday, December 10, 2021. During that period, expedited efforts were undertaken to update Applications, Intrusion Prevention Systems, Web Application Firewalls and Load Balancers to insulate from Log4j vulnerabilities.
What versions of Log4j are present or in use within Skillsoft Hosted Services?
As a countermeasure to intelligence gathering, Skillsoft will not release, under any condition, the make, model, or manufacturer of any network or security device in use within Skillsoft’s Hosted Services to our customers. This includes the release of information related to:
- Firewall-related hardware, software, or settings
- Intrusion Detection System-related hardware, software, or settings
- Network penetration testing
- Vulnerability scanning
- Network topology
- Internal IP scheme
- Operating Systems configuration and security settings
- Software vendors and version used
Ongoing actions
Skillsoft continues to actively monitor for any and all Log4j developments and is prepared to respond aggressively to implement any newly recommended system or application updates necessary to protect Skillsoft’s Hosted Systems and our customers’ data.