We have received a number of questions from Clients reporting from security news outlets of a critical vulnerability CVE-2021-44228 in the Apache Log4j library. Millions of Java applications use this library to log error messages. We wanted to provide information to Clients who are understandably interested to know if Safeguard Global is affected.
Safeguard Global utilizes the Log4j library in one application related to Unity Payroll. This application does have additional layers of abstraction and security present that the exploit does not circumvent. In addition, Unity Payroll has recently undergone regular penetration testing, and we are confident that the threat posed by this exploit is low.
Since learning of the exploit, we have configured additional firewall protection to block any traffic related to this vulnerability. We are planning further remediation to update the Log4j implementation and will keep Clients informed.
If you have any questions in the meantime, please contact your Service Delivery Manager or email email@example.com.