Search
The cart is empty
waveKeystroke Blog

Latest Posts

Blog Categories

Facebook
Written by: Ken Quigley
Category: News

Act! & Keystroke statements on Log4j Vulnerability

The Issue: 
On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified as being exploited in the wild. Log4j vulnerability, a bombshell zero-day exploit with global impact. Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. 

Act! Statement
It was recently announced by the Apache Foundation that Log4j, a popular Java logging library, is vulnerable to remote code execution.  Immediately following the announcement of this serious vulnerability, our engineering and security teams evaluated all of our products, integrations and internal services for any potential impact.  We have not detected any exploit attempts on our systems or solutions.  We have completed an audit of our systems and do not believe this exploit represents a threat to our customers. 

It should be noted that the "j" in Log4j stands for "Java", and Act! itself does not use java components (not Javascript which we do use for act! web client as well as c#/.net), so it's unlikely we are affected. Of course, we will continue to monitor our environment and notify our customers and partners as we learn more.

Keystroke Statement
Since the vulnerability was first discovered on December 9th, we consulted with all our current developers to determine if the open-source library files involved in the Log4Shell vulnerability were used in past or present projects. After a thorough review, we have determined that none of the add-ons produced in the last 4-years use either Java components or the Log4j opensource logging software.

Additionally, our review of the code for Handheld Contact service focussed on the device software, the Windows Console, and the hosted mware services used to process Classic syncing. This review concluded that the open-source logging files were never used in either the mobile device applications and Windows, and that the log4j library files previously used with mware were replaced with java.util.Logging (the java built-in logging framework) over four years ago.  

At present we've concluded that none of the products or services we currently offer should be affected, but we provide further security statements as developments warrant.

Who we are?

Specializing in CRM software for small to medium sized businesses, through expert counsel, deployment, hosting, support, and development services.

Delivering fruitful CRM solutions since 1994, Keystroke is the #1 Act! Reseller in the World and Master Act! Distributor for Canada.

Check testimonials HERE

Policy & Terms

Terms & Conditions

Refund Policy

Affiliate Program

Latest Posts

Contact Keystroke

Get in Touch

Toronto   500 Gordon Baker Rd. Toronto, ON, M2H 3B4
Toll Free : 800.857.0558
Office : 416.499.3090
Fax : 416.499.1090
Kitchener   250 Woolwich St. S. Breslau, ON N0B 1M0
Toll Free : 800.939.4737 Ext. 1
Office : 519.579.1408
 
paybillicon56x58px  

Pay your bill online
 

Monday to Friday: 9AM to 6PM EST
Saturday & Sunday: Closed

 

Keystroke Dash
Keystroke Designer
Keystroke Alerts

 

AutoAdmin
DocAdmin
MergeAdmin
MigrateAdmin
FaxAdmin
AutoLimited Access
AutoNumbering

Your Cart

×
Customers that ordered this item frequently bundle it with the following products or services for the best user experience
Save 10% on eligible items when bundled with this product
The cart is empty
Continue shopping