[Update Dec 20, 2021]
We are continuing to monitor Log4J situation. We have analyzed the recently reported CVE-2021-45046 and CVE-2021-45105 vulnerabilities and found that there are no additional concerns for the current version of Signals Inventa (3.0) or older versions formerly known as Signals Lead Discovery (versions 2.0 - 2.5), other than those noted below.
We continue to recommend users update to the latest version of Inventa. If an upgrade is not possible, then users of Signals Lead Discovery 2.5 and below should follow the mitigation instructions attached to this article.
- Inventa 3.0 is not vulnerable (this includes the Inventa 3.0 bundled with VitroVivo 3.0). We recommend all Signals Lead Discovery customers upgrade to Inventa 3.0 as soon as possible.
- Signals Lead Discovery 2.5 and below does contain a vulnerability (this includes the SLD versions bundled with Signals Screening 2.5 and below). However, we have not found a means by which the vulnerability can be exploited. We strongly recommend updating to Inventa 3.0. If an upgrade is not possible please follow the mitigation instructions attached to this article.
- Lead Discovery Premium is not vulnerable
- Lead Discovery is not vulnerable