Skip to Content

Infor Responds to Help Protect Customers from the Log4Shell Vulnerability in Log4j

United States – December 22, 2021, 10:30 AM

Infor has been working to mitigate risks from a recently disclosed software vulnerability nicknamed “Log4Shell.” So far, Infor’s efforts have been successful in protecting applicable Infor products from this vulnerability in the cloud and, Infor has delivered a number of effective patches for on-premises customers to help address the vulnerability.

The company is sharing this FAQ to keep customers informed and to provide resources for assistance and additional information.

What is Log4Shell?

Log4Shell is a software vulnerability in Log4j, a popular Java code library maintained by the Apache Software Foundation. The vulnerability was publicly disclosed Dec 9, 2021. Log4Shell was assigned a common vulnerability scoring system (CVSS) severity rating of 10, the highest score. It is estimated that the vulnerability could affect hundreds of millions of devices worldwide.

How does it affect Infor customers?

Certain Infor software products are susceptible to the Log4Shell vulnerability. This includes Infor products that run in the cloud and many on-premises versions of Infor products.

What is Infor doing about Log4Shell?

For cloud environments, Infor relies on a comprehensive layered mitigation program. It employs many industry-standard practices in its cloud solution application architecture, as well as its perimeter defense configurations. Tests performed by Infor’s security teams have shown that, as of now, its mitigation program should prevent applicable Log4j exploits. Additionally, Infor security and development teams are working to further mitigate the risk by deploying updates and patches to its cloud solutions, as appropriate, within affected products.

For on-premises versions of products, Infor is working to identify Infor products that are potentially impacted by the Log4j vulnerability, and Infor continues to work to deliver software patches along with instructions to help customers apply them.

What should I be doing as an Infor customer?

If you are a cloud customer, no action is required, as Infor is responsible for maintaining the infrastructure for these environments.

If you are an on-premises customer, you can visit Infor Support Knowledge Base (KB) article 2229037, to check whether your product may be impacted, download patches, and get additional information.

What if I have additional questions, can’t find what I am looking for, or need help?

If you are an Infor customer with questions about a specific Infor product, you can visit Infor Support to connect with a support representative.

If you have more general questions about security, you can visit the Infor Cloud Security page to learn more about how Infor handles security, or send an email to Infor’s security team at security@infor.com.

Filed Under
  • Bulletins
Region
  • Worldwide
  • North America
Let’s Connect

Contact us and we'll have a Business Development Representative contact you within 24 business hours

Infor values your privacy.