No Danger from Java Vulnerability
All-Clear for Corporate Planning Customers
As things stand, the Corporate Planning software is not affected by the critical vulnerability (Log4Shell) in the widely used Java library Log4j, which, according to the German Federal Office for Information Security (BSI), has led to an extremely critical threat situation. The current Corporate Planner version (from 6.0.100) does not use Java. Although there is a dependency on Java technology in the previous versions, the Log4j library is not implemented.
Corporate Planning customers using Qlik Sense or CP-Connectivity Express are not affected either. Both Saxess and Qlik investigated their software products as soon as the threat became known, and both have given the all-clear.
Background
On 11 December 2021, owing to the extremely wide distribution of the affected product and the associated impact on countless other products, BSI raised its existing cybersecurity warning to Red. If the vulnerability is successfully exploited, a complete takeover of the affected system is possible. According to BSI, the full extent of the threat cannot be conclusively determined at present. But one thing is certain: Corporate Planning customers are not affected as things stand.
Proactive Security Measures for Enterprise Software
The incident underscores the importance of proactive vulnerability management and continuous monitoring in enterprise software environments. At Corporate Planning, regular security audits, prompt patch management, and adherence to industry best practices are key elements of our cybersecurity strategy. By staying ahead of potential threats and ensuring transparency in our communication, we help our customers maintain trust and confidence in our solutions – even in times of heightened security concerns. This approach ensures that critical business data remains protected at all times, regardless of external developments in the software landscape.
Security through transparency and active risk management
At Corporate Planning, we view cybersecurity not as a one-time task but as an ongoing responsibility. The swift internal assessment and clear communication around the recent Java vulnerability reflect our commitment to transparency and professional risk management. By continuously monitoring security developments and proactively updating our systems, we ensure that our enterprise software remains a reliable and secure solution for our customers. This approach helps protect sensitive company data and strengthens long-term trust in our technology.
