Security Update: AgilePoint NX is not impacted by Log4j vulnerability
Dear Customer,
We value you and your business. With the big news that came out this past weekend about the security vulnerability in Java (log4j), we want to help you understand the problem and let you know we’ve taken steps to protect your personal information at AgilePoint.
What is log4j?
This vulnerability is the result of the widespread use of a free Apache Java library (log4j) that many programs use to log information. If an attacker causes the free Apache Java library to log a specifically crafted message, it can take over the system that the Apache Java library is hosted on.
The reason this vulnerability is considered critical is both because of the library's widespread use, and because it's extremely easy to exploit.
Your data is protected in AgilePoint NX
At AgilePoint, you will be happy to know that we don't rely on log4j for the modules that you use. We conducted a full review on Friday to validate that AgilePoint modules aren't impacted. AgilePoint is a Microsoft .Net based platform and does not use any Java library and does not even have Java Runtime as a pre-requisite hence at this time there is no evidence that any of our modules are impacted.
Over the weeks that follow, we will be keeping a close eye on this while also working to ensure all of our third party partners are taking necessary precautions as well.
If you’d like more information about log4j, the Cybersecurity and Infrastructure Security Agency (CISA) has released a statement that you can read here.
Thank you for being a valued AgilePoint customer. Your trust means everything to us.
**PLEASE WATCH THIS PAGE!
We are updating this article as we continue to learn from our investigation.
Please sign in to leave a comment.
Comments
0 comments