Sage and its partners take the security of its customer solutions extremely seriously, and regularly undertakes proactive testing across its products to identify potential vulnerabilities and provide fixes. Following the initial announcement of the Apache Log4j vulnerability on 10th December and subsequent updates, Sage has been investigating the potential impact on our products and services.
Our initial findings indicate there are no exposed systems in the Sage Products or architecture stack that uses log4j –where we have identified the potential for vulnerability, we have issued an initial patch – we are proactively monitoring the situation and applying and supplying new patches as and if required.
However, working with our industry peers and in an abundance of caution, we are upgrading our version of log4j in all areas of our business that use this 3rd party component.
If you have further questions, please speak to your account manager in the first instance. We thank you for your patience in this matter.