Monday, December 20, 2021
Background
The log4j vulnerability as reported by CISA and other cybersecurity organizations, known as CVE-2021-44228, is a very serious and widespread vulnerability affecting large amounts of companies and organizations, directly or indirectly.
As a trusted partner to thousands of customers, including banks and financial institutions, AP Technology takes these events very seriously and does relevant due diligence when we believe it may affect us or our customers.
Impact
Our engineering team has done a thorough analysis of our source code, tools, plugins and other areas potentially affected by the log4j vulnerability and can in summary report that AP Technology and its products are not affected by this exploit. Some of our products, as listed below, use a port of log4j for the .net framework known as log4net, however as the specific exploit is in relation to log4j-core there is no immediate impact to ports such as log4.net. Please see the NIST vulnerability statement for more detail.
For completeness, the following is a list of our products and related log4* components:
Product | Uses log4j | Uses log4net | Impact from log4j / log4shell / CVE-2021-44228 |
APSecure | No | Yes for specific functions | None |
SecureCheck | No | Yes for specific functions | None |
ezSigner | No | No | None |
SecurePay | No | No | None |
Checkrun | No | Yes for specific functions | None |
If you should have any concerns or questions, please reach out to your designated contact or through our support department using this contact form.