Reckon products and the Log4j vulnerability

Rav Administrator, Reckon Staff Posts: 13,707 Community Manager Community Manager


On Dec 9 2021, a remote code execution (RCE) vulnerability in Apache log4j 2.x was identified being exploited in the wild.

Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. This has been identified as CVE-2021-44228 in Common Vulnerabilities and Exposures listings and is also known as Log4Shell. 

For further information consult the NIST Listing here:

Reckon has conducted a full investigation throughout its source code and can confirm that no Reckon product was, or is, vulnerable to CVE-2021-44228.

Additionally, Reckon is assessing all suppliers that are significant sub-processors of Reckon Customer data, and is pleased to report that the vast majority are not impacted by CVE-2021-44228 and where they are, mitigation actions are taking place. You can view our list of sub-processors here 

Reckon will continue to monitor for any future developments in regards to this vulnerability and take further action if required.

This discussion has been closed.