Issued: December 14th, 2021.
In light of the recently discovered Apache Log4j2 “CVE-2021-44228” vulnerability, Cashbook has made every effort to investigate the potential risk to our clients via our Cashbook Application.
The Cashbook application does use Log4j. However, it is not the version mentioned. The 0-day vulnerability affects only Log4j v2.x. Cashbook uses an earlier version that does not support the features that are used as a means of attack.
We would also like to highlight that any such attack to exploit a vulnerability like this is dependent on gaining direct access to the Cashbook application.
In summary, the risk to Cashbook customers at this point in time is negligible. As this situation progresses, we will keep you abreast of any new updates that may affect users regarding the Apache Log4j2 “CVE-2021-44228” vulnerability.