All-Clear for Corporate Planning Customers
As things stand, the Corporate Planning software is not affected by the critical vulnerability (Log4Shell) in the widely used Java library Log4j, which, according to the German Federal Office for Information Security (BSI), has led to an extremely critical threat situation. The current Corporate Planner version (from 6.0.100) does not use Java. Although there is a dependency on Java technology in the previous versions, the Log4j library is not implemented.
Corporate Planning customers using Qlik Sense or CP-Connectivity Express are not affected either. Both Saxess and Qlik investigated their software products as soon as the threat became known, and both have given the all-clear.
Background
On 11 December 2021, owing to the extremely wide distribution of the affected product and the associated impact on countless other products, BSI raised its existing cybersecurity warning to Red. If the vulnerability is successfully exploited, a complete takeover of the affected system is possible. According to BSI, the full extent of the threat cannot be conclusively determined at present. But one thing is certain: Corporate Planning customers are not affected as things stand.