Centercode’s platform and tools that process customer data do not use Log4j2 as a logging mechanism and as such are not vulnerable to the current set of vulnerabilities that have been described in the various CVE issues found in relation to Log4j2, as of 2021-12-20.
Centercode has also reached out to our sub-processors that can potentially interact with Customer data to verify that they are neither affected nor are actively patching against these vulnerabilities. So far we are satisfied that all of our sub-processors are in compliance with these processes.
We will continue to monitor and investigate any possible exposure to these vulnerabilities and will immediately alert our customers per our SLA. We do not currently see any need for our customers to take any action in relation to the Centercode platform at this time.
QUESTIONS? SECURITY@CENTERCODE.COM