13 Dec Apache Log4j CVE-2021-44228
Updated 23 December 2021
For clients that are concerned about the Log4j vulnerability, the Sage 300 Development Team has investigated this, and the Apache Log4J 2 library is NOT used in the 2022, 2021, and 2020 versions of Sage 300.
While Sage 300 does use the Log4J 1 library (version 1.2.17) for the Global Search feature (used by SOLR 7.2.1), the Log4J 1 library is not affected by this vulnerability. You can view Sage’s statement on the Advisory: Apache log4j vulnerability (CVE-2021-44228).
The Apache Log4J 2 library is only used in the 2020 R2, 2021 R1, and 2021 R2 versions of Sage CRM.
Information about updates for the affected versions of Sage CRM see New patches available for 2020 R2, 2021 R1, 2021 R2 for CVE-2021-44228/ CVE-2021-45046/ CVE-2021-45105.
Sage Intacct’s initial findings indicate there are no exposed systems in the Sage Products or architecture stack that uses log4j. More information and updates in their Statement in response to the December 2021 Apache Log4j vulnerability
If you have any concerns please contact us.