A recent security vulnerability (aka Zero-Day exploit) was reported by a company named Cyber Kendra that affects the Apache eco-system and its underlying Java component used for data logging.
Many GP customers & clients started to worry about the vulnerability and if there GP environment could be prone to an attack from hackers due to that zero-day security flaw. The short answer is: No, it shouldn’t. To my knowledge none of the components used to setup GP, and in particular the Web Components, makes use of Java libraries or any Apache components.
That being said, I’ve yet to see an official statement from Microsoft that confirms this, but as a former coder/programmer, I’m fairly confident that there isn’t any risks associated with that threat for GP’s eco-system, as Microsoft uses the IIS and ASP .NET platform for that purpose. None of that requires Java or Apache components to be installed.
If you’re interested in more technical details, there are plenty of web sites out there that talk about the recent discovery, but this one seems pretty well done and explains with a graphic how an attack would unfold on your systems (given it’s facing the Wild Wild West open internet)
Hope that you enjoyed reading this and until next post, wish you a happy life.
Update (2021-12-15): Following this community thread that was started on 12/13, Microsoft confirmed that there is nothing from that vulnerability that affects Dynamics GP. https://community.dynamics.com/gp/f/microsoft-dynamics-gp-forum/442010/log4j-vulnerability/1214737
Leave a Reply