Korn Ferry’s Response to Log4j Vulnerability

Korn Ferry is aware that a critical vulnerability in Apache Log4j (CVE-2021-44228) was recently identified.

As a result of this vulnerability we have taken the following actions:

• Conducted an internal audit of systems to identify any systems using this library.
• Any systems that were found to be running a version of Log4j that is affected have been either mitigated or remediated (we are further upgrading to version 2.17 to remediate CVE-2021-45105)
• Proactively searching impacted systems for any indicators of compromise or suspicious activity.
• Confirming if any of our critical vendors are impacted by this issue.

We will continue to monitor this issue moving forward as new information is available.