IMPORTANT INFORMATION FOR OUR RECKON USERS REGARDING SINGLE TOUCH PAYROLL PHASE 2

Click your respective product link below to learn more.

Reckon products and the Log4j vulnerability

RavRav Administrator Posts: 11,798 Community Manager

RECKON PRODUCTS AND THE LOG4J VULNERABILITY

On Dec 9 2021, a remote code execution (RCE) vulnerability in Apache log4j 2.x was identified being exploited in the wild.

Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. This has been identified as CVE-2021-44228 in Common Vulnerabilities and Exposures listings and is also known as Log4Shell. 

For further information consult the NIST Listing here: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Reckon has conducted a full investigation throughout its source code and can confirm that no Reckon product was, or is, vulnerable to CVE-2021-44228.


Additionally, Reckon is assessing all suppliers that are significant sub-processors of Reckon Customer data, and is pleased to report that the vast majority are not impacted by CVE-2021-44228 and where they are, mitigation actions are taking place. You can view our list of sub-processors here 


Reckon will continue to monitor for any future developments in regards to this vulnerability and take further action if required.

This discussion has been closed.