I reached out to our CSM and received the following communication for the time being.
The UiPath Security and Product Engineering teams are completing the exposure analysis of the Log4J vulnerability, categorized as CVE-2021-44228 and taking mitigation actions. At this time, UiPath has found no evidence of risk associated with this vulnerability for the following products:
- Studio (all types), Assistant, Robot (all types including AI Robots, Cloud Robots, etc.)
- Orchestrator
- Automation Hub (including Task Capture)
- Data Services
- Task Mining
- Process Mining
- Test Manager
- Automation Ops
- Action Center
- Apps
- AI Center
- HAA
- All UiPath Activity Packages published to the UiPath Official Feed
- Automation Cloud supporting services not accessible by customers
The following products are still under investigation by UiPath:
- Insights
- Automation Suite supporting services
Customers using Elastic Search which is commonly leveraged alongside UiPath products should be aware that Elastic has announced that that versions 6.x and 7.x are mitigated, however customers should follow Elastic announcements via their blog.
ashokkarale
anjani_priya
Dheerendra_vishwakarma
Parvathy
Aakash_Singh_Rawat
Luis_Fernando
bjorn2390
neco
pere
Shiva_Nikhil