Call Toll Free: 888-623-2374

Request InformationSupport

PunchOut2Go Security Update Regarding the Log4j Vulnerability

Read how PunchOut2Go is protecting customers' data from the recently discovered Log4j vulnerability threat.

Posted on 12/16/2021. 

PunchOut2Go Security Update Regarding the Log4j VulnerabilityScreen_Shot_2021-12-16_at_8.32.00_AM.png

It is our policy at PunchOut2Go to maintain the security and confidentiality of our customers’ information. We continue our analysis of the remote code execution vulnerability (CVE-2021-44228) related to Apache Log4j (a logging tool used in many java-based applications) disclosed via GitHub on December 9, 2021. As we and the industry at large continue to gain a deeper understanding of the impact of this threat, we want to relay our current standing and emphasize our continued diligence to defend against this and other potential attacks. 

The Log4j vulnerability is not applicable to PunchOut2Go's core application or solutions. We are now working with our cloud services partner, Amazon Web Services (AWS), and our logging partner, Elastic, to review any mitigations that are specific to their tools and environments. We have already deployed all Log4j updates to our web application firewall (WAF) that AWS has published, installed the provided security patches from Elastic, and we will continue to monitor for any new updates.

In addition to monitoring the threat landscape for attacks and developing customer protections, our operations team will continue to review and analyze our products and service providers to take expedited steps to mitigate any vulnerabilities.  As always PunchOut2Go will continue to utilize industry best practices to keep your data as safe as possible.  If you have any questions about PunchOut2Go’s security practices, please send email to support@punchout2go.com.

We're glad you are here. Let us help you integrate!

Request more information about PunchOut2Go and our Solutions.