Log4Shell Security Vulnerability: What you need to know

by Elliott Wood
December 16, 2021

1/5/2022 Update: We have now remediated the Log4Shell vulnerabilities in our environment.

Your security is our highest priority at CallRail. As part of this commitment, we constantly monitor potential threats so that we can mitigate them before they become a problem. In that spirit, we want to make you aware of an emerging vulnerability that we are actively addressing.

What happened?

On Thursday, December 9, 2021, a remote code execution (RCE) vulnerability was disclosed in the Java library Log4j. This vulnerability is being tracked as CVE-2021-44228, and has been dubbed Log4Shell. If exploited, it could potentially allow a remote attacker to execute code on a target’s server.

What is CallRail doing?

Once we were made aware, CallRail promptly evaluated our environment and vendors to understand potential impact and to develop a methodical remediation plan. During the evaluation process we identified affected Log4j versions in our environment. We are currently working on remediating this vulnerability through patching and enforcing other compensating controls. We have ensured detective and preventive controls are in place to protect against possible exploitation of the impacted environment.

At the time of this post (12/16/2021), CallRail has not discovered any instances of exploitation of the Log4Shell vulnerability in our environment. We will promptly notify any impacted customers in the event CallRail becomes aware of unauthorized access to our environment.

How significant is this threat to the security of my data?

CallRail’s publicly accessible infrastructure does not use Java or the Log4j library, so the risk of attack is low. However, some internal components were identified that are built in Java and use affected Log4j versions. These systems exist in private subnets that are not publicly accessible, and those systems have automated monitoring in place to alert our team of unexpected outbound network traffic.

We are not aware of any exploitable vectors in our own stack, but are remediating the threat immediately out of an abundance of caution.

Which sub-processors are affected by this vulnerability?

CallRail uses several sub-processors that may be impacted by this vulnerability. We are actively working on remediation for these components as well. At this time, we have not been made aware of any breaches resulting from this vulnerability.

What are the next steps for me and for CallRail?

CallRail will continue to update this page as the situation unfolds and we work to remediate this vulnerability.

You do not need to take any action at this time. We encourage you to please contact support should you need information beyond what is provided here or have any concerns about your security.

Thanks, CallRail Security

Copyright © 2011-2022 CallRail, Inc. All rights reserved.