760-929-4808 option 2
Monday, December 20, 2021

Background

The log4j vulnerability as reported by CISA and other cybersecurity organizations, known as CVE-2021-44228, is a very serious and widespread vulnerability affecting large amounts of companies and organizations, directly or indirectly.

As a trusted partner to thousands of customers, including banks and financial institutions, AP Technology takes these events very seriously and does relevant due diligence when we believe it may affect us or our customers.

Impact

Our engineering team has done a thorough analysis of our source code, tools, plugins and other areas potentially affected by the log4j vulnerability and can in summary report that AP Technology and its products are not affected by this exploit. Some of our products, as listed below, use a port of log4j for the .net framework known as log4net, however as the specific exploit is in relation to log4j-core there is no immediate impact to ports such as log4.net. Please see the NIST vulnerability statement for more detail.

For completeness, the following is a list of our products and related log4* components:

Product Uses log4j Uses log4net Impact from log4j / log4shell / CVE-2021-44228
APSecure No Yes for specific functions None
SecureCheck No Yes for specific functions None
ezSigner No No None
SecurePay No No None
Checkrun No Yes for specific functions None

 

If you should have any concerns or questions, please reach out to your designated contact or through our support department using this contact form.