Level up your business security with free, on-demand training and certification. Explore 1Password Academy today →
Forum Discussion
Log4j - SCIM bridge affected?
Hi all,
I have seen a post in a separate section on here stating the Log4j is vulnerability does not affect the 1Password app, I wanted to get further clarification that the SCIM bridge is not affected by the Log4j vulnerability.
Your help is appreciated.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
6 Replies
rudy1Password Team
@JasonRH,
We have also published an official statement on our website: https://support.1password.com/kb/202112/
Hi @JasonRH. Thanks for the question and you make an excellent point. We agree and are working on adding an official response to our support page that includes the same information we shared https://1password.community/discussion/comment/622770/#Comment_622770, and the https://www.reddit.com/r/1Password/comments/rea7dd/what_is_1passwordcoms_exposure_to_log4j2/hoe41ci/?utm_source=reddit&utm_medium=web2x&context=3.
On behalf of Chas, you are welcome Saqibs! If you have any other questions, please feel free to reach out anytime.
Have a wonderful day :)
@Chas_1P
Thank you for the comprehensive reply!
Hi Saqibs
Thanks for reaching out. All of our products and services, including the SCIM bridge, are not affected by the Log4j security bug. Our security teams have thoroughly reviewed all our code and, although we use Java for some internal tools and services, our review indicates that they were not directly exploitable. Our SCIM bridge does not use Java at all, and has no connection with Log4j.
I hope that answers your question, but feel free to reach out again if you have any further questions.
Chas
