Last Update: Dec 20, 2021 at 08:30 CST

At Accruent, trust is our #1 value, and we take the protection of our customers’ data very seriously.

We are aware of the recently disclosed Apache Log4j vulnerability (CVE-2021-44228).

Impact: We are actively monitoring this issue and are working to address any products or services that either use the vulnerable component Log4j or provide it to customers.

We appreciate your trust in us as we continue to make your success our top priority.

The current status by product is:

Product Status
Analytics Analytics is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.
BigCenter BigCenter is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.
Meridian Meridian is reported to be affected by CVE-2021-44228. Customer-facing services have been patched to remediate the vulnerability identified in CVE-2021-44228. We continue to patch remaining services to remediate the vulnerability.
EMS EMS Cloud is reported to not be affected by CVE-2021-44228. We continue to validate that remaining services are not affected by CVE-2021-44228.
Evoco Evoco is not affected by CVE-2021-44228
Expesite Expesite is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.
Famis 360 Famis 360 is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.
Lucernex Lucernex is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228
Asset Enterprise Asset Enterprise is not affected by CVE-2021-44228.
Maintenance Connection Maintenance Connection is not affected by CVE-2021-44228.
SiteFM3 Site FM3 is not affected by CVE-2021-44228.
SiteFM4 Site FM4 is not affected by CVE-2021-44228.
Siterra Siterra is reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.
Accruent Single Sign On (SSO, Central Auth) Accruent Single Sign On (SSO, Central Auth) is reported to not be affected by CVE-2021-44228. We continue to validate that remaining services are not affected by CVE-2021-44228.
TMS TMS is not affected by CVE-2021-44228.
VxField VxField is reported to not be affected by CVE-2021-44228. We continue to validate that remaining services are not affected by CVE-2021-44228.
VxMaintain/VxObserve/VxSustain VxMaintain/VxObserve/VxSustain are reported to be affected by CVE-2021-44228. The service is being patched to remediate the vulnerability identified in CVE-2021-44228.

For more information, please review CVE-2021-44228 (https://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2021-44228) and the Apache Log4j (https://logging.apache.org/log4j/2.x/index.html) post.

The information set forth above represents our good faith view of the status of our products based on the information and data available to us at this time. As we and the industry at large gain a deeper understanding of the impact and evolution of this threat, information may change.

Our systems for continuous incident detection and monitoring include detection and monitoring for potential exploitation attempts. If we identify any unauthorized access to customer data, we will promptly notify the affected customer.

We are actively working with our third-party vendors to ensure that they have mitigations in place and are updating their software or services, as needed, to remediate this issue.

As this issue continues to evolve, we may take additional remediation steps, as appropriate.

We will update our guidance as we continue to learn from our investigation, so check back from time-to-time at https://status.accruent.com/. We also recommend that you use the “subscribe” button at the top of the status page to sign-up to receive updates.