Some of the Cyberark Products like Privilege Cloud, Remote Access, Connector, Secure Web Sessions have been affected by Log4j Vulnerability and rest of the products like Cloud Entitlements Manager, EPM, HTML5 Gateway, Identity (excluding SWS), SIM, MarketPlace components, CPM Plugins,Secrets Manager have been unaffected by this. For the affected products fix or mitigation steps have been already provided by Cyberark team as noted below..
| Cyberark Product | Status | Patched? |
|---|---|---|
| Cloud Entitlements Manager | Not Vulnerable | Not Needed |
| Endpoint Privilege Manager (EPM) – Agents | Not Vulnerable | Not Needed |
| Endpoint Privilege Manager (EPM) – EPM Server (On-Premise) | Not Vulnerable | Not Needed |
| Endpoint Privilege Manager (EPM) – Service (SaaS) | Not Vulnerable | Not Needed |
| HTML5 Gateway | Not Vulnerable | Not Needed |
| Identity – Mobile App | Not Vulnerable | Not Needed |
| Identity – On-Premise Components | Not Vulnerable | Not Needed |
| Identity – Secure Web Sessions (SWS) | Vulnerable | Patched |
| Identity – Service (SaaS) | Not Vulnerable | Not Needed |
| Legacy Sensitive Information (SIM) | Not Vulnerable | Not Needed |
| Marketplace components – Certified and Trusted Marketplace Components | Not Vulnerable | Not Needed |
| Marketplace components – CPM Plugins | Not Vulnerable | Not Needed |
| Marketplace components – PSM Connection Components | Not Vulnerable | Not Needed |
| On-Demand Privileges Manager (OPM) | Not Vulnerable | Not Needed |
| PAS Self Hosted (Vault, PVWA, CPM, PSM, PSMP) | Not Vulnerable | Not Needed |
| Privilege Cloud – On-Premise Components | Not Vulnerable | Not Needed |
| Privilege Cloud – Service (SaaS) | Vulnerable | Patched |
| Privileged Threat Analytics (PTA) | Workaround | Patched |
| Remote Access (Alero) – Connector | Vulnerable | Patched |
| Remote Access (Alero) – Mobile App | Not Vulnerable | Not Needed |
| Remote Access (Alero) – Service (SaaS) | Vulnerable | Patched |
| Secrets Manager Conjur Enterprise | Not Vulnerable | Not Needed |
| Secrets Manager Credential Providers | Not Vulnerable | Not Needed |