The global cybersecurity community has been abuzz about the Apache Log4j vulnerability. It is widespread and affecting large companies, hospitals and our nation’s military. The Department of Homeland Security is calling it the most serious flaw in decades, and has urgently ordered federal agencies to find and patch the bugs.
About the Apache Log4j Vulnerability
The open-source Apache Software Foundation developed the affected Log4j software. It is written in the widely used Java programming language, runs across many platforms, including Windows, Linux and macOS, and logs user activity. It powers everything from computer and web applications to web cams, navigation systems and medical devices. It’s basically ubiquitous.
“Lodged in an extensively used utility called Log4j, the flaw lets internet-based attackers easily seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a challenge; it is often hidden under layers of other software,” as stated in an Associated Press article.
The Apache Software Foundation has developed a patch to fix it, and cybersecurity experts and developers around the globe are working feverishly to detect any exploitation attempts and apply the patch.
Sage Fixed Assets Solutions are Not Affected
Sage development teams have investigated their products and found that Sage Fixed Assets does not use the Apache Log4j library and is therefore not affected by the vulnerability. In addition, Sage has reported that the SAP team has confirmed that there is no impact on Crystal Reports, which is used by Sage Fixed Assets.
Sage has cautioned that if your Sage Fixed Assets solution is integrated with any of the following other Sage solutions, you should check the specific Sage product support site for further Apache Log4j vulnerability information.
- Sage 50 US
- Sage 100
- Sage 300
- Sage 500
- Sage Intacct
- CCH ProSystem fx Tax
- Abila MIP Fund Accounting
See the Sage Knowledgebase article about the Apache Log4j vulnerability for more information.
Paragon’s Sage Fixed Assets Cloud Hosting is Not Vulnerable
Paragon’s Sage Fixed Assets cloud hosting partner, Summit Hosting, has advised our hosting clients and us that their systems are safe. Their Security Operations team conducted an exhaustive investigation into all components of their technical stack and service delivery model, and they have determined that the Summit Hosting system is not susceptible to the Apache Log4j vulnerability.
Summit Hosting continues to remain vigilant by keeping in touch with all of their vendors and performing frequent security scans.
Questions? Want More Information?
The U.S. government’s Cybersecurity & Infrastructure Security Agency (CISA) has published a site for Apache Log4j vulnerability guidance. It includes a community-sourced repository of commercially available software products along with additional vendor status information.
You can count on Paragon to work with our partners to keep your Sage Fixed Assets solutions safe and secure. If you have any questions or would like to discuss Paragon’s Sage Fixed Assets cloud hosted solution, please don’t hesitate to contact us.
Sources: Associated Press News, Sage, Summit Hosting, U.S. CISA