Company

Critical vulnerability discovered on December 10 in the Log4j Java library

Last updated on December 14th

The situation is still well under control and no intrusion or performance impact has been reported. Our teams continue their work. The inventory of the components and offers affected by this alert was carried out yesterday morning. The mitigating actions have been launched immediately and we are progressively deploying any modifications once they have been rigorously tested in operational conditions. A specific communication will be made via Cegid Customer Care if your solution or specific configuration is concerned. To date, all applications and data are protected and your activities are not impacted.

As soon as the global security breach targeting Java components was announced on December 10, Cegid’s Cloud teams, in coordination with their technology partners, were mobilized to measure the possible impacts and strengthen security. Cegid confirms today that its protection tools have repelled the waves of attacks and no intrusion has been reported. Placed in ‘hyper care’ mode, Cegid Cloud teams are working in close collaboration with their partners to conduct additional investigations and immediately update any component that may still be at risk.
All measures are in place, Cegid remains on high alert and informs its customers regularly. For Cegid customers who are still on Premise, the implementation of a reinforced system protection is essential, and Cegid strongly encourages its customers to apply the usual recommendations: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-022/ .
This type of situation confirms that the move to the Cloud allows an optimized defense of applications and data.