
Advisory: Apache log4j vulnerability (CVE-2021-44228)

References

https://logging.apache.org/log4j/2.x/security.html

https://www.ncsc.gov.uk/news/apache-log4j-vulnerability 

A vulnerability rated Critical is one that a remote attacker could potentially exploit to make Log4j execute arbitrary code, either as the user the server is running as or as root. Vulnerabilities of this kind could be exploited automatically by worms.

The Sage HRMS Development Team has investigated this, and the Apache Log4j 2 library is NOT used by Sage HRMS, Sage Employee Self-Service, Sage HRMS Payroll, or Sage My Workforce Analyzer.

The SAP team has also confirmed there is no impact with Crystal Reports, and Aatrix, which we use for payroll e-filing, has assured us their products are not impacted.

It is important to note that while Sage has confirmed the status of as many of our integrated applications and services as possible, applications and services provided by independent software vendors may still have vulnerabilities. Customers should work with their reseller to ensure that their systems are secure.

References

https://access.redhat.com/security/cve/cve-2021-44228

https://solr.apache.org/news.html

https://launchpad.support.sap.com/#/notes/3129956 

Please watch the following Sage City links for news: https://www.sagecity.com/us/sage_hrms/f/announcements-news-updates