Apteco software does not use Log4j
Posted: 14 Dec 2021
Apache Log4j2 vulnerability - CVE-2021-44228
Apteco software is NOT vulnerable
Apteco software, including the Apteco Orbit platform, FastStats and PeopleStage, does not use Log4j and is not susceptible to the Log4j 2 vulnerability. Please be assured that no mitigation or updates are required for Apteco software.
Actions taken by Apteco
Apteco became aware of the Apache Log4j 2 security vulnerability on Saturday 11th December and immediately initiated steps to ensure our customers, partners and internal IT systems were protected. The mitigations taken included:
- Firewall controls updated to provide additional protection against potential attacks
- Confirmation with Apteco development team leaders that each Apteco software product is not vulnerable
- Checking our internal systems
- Checking with third-party suppliers of key production cloud services
Additional advice
If you have other applications or tools on your servers, or use third-party cloud services, we recommend checking whether they are impacted by the Log4j vulnerability.
The below websites give general guidance on the Log4j vulnerability.
- UK National Cyber Security Centre (NCSC)
- Australian Cyber Security Centre
- Bundesamt für Sicherheit in der Informationstechnik (BSI)
- Netherlands Nationaal Cyber Security Centrum (NCSC-NL)
Apteco is continuing to monitor this event and will update this web page as appropriate.