Salesmate is aware of the security issue related to Apache “Log4j2” (CVE-2021-44228). We have taken this issue seriously and conducted a thorough investigation of Salesmate products.  

Salesmate products and customer-facing tools do not use Log4j2 as a logging tool. Our products and customer-facing tools are not open to any vulnerability associated with Log4j2.  

What exactly is Log4j2?
Log4j2 is a Java-based open-source logging tool maintained by the Apache Software Foundation. More details here: https://logging.apache.org/log4j/2.x/security.html

Was Salesmate affected? 

Salesmate has taken serious action, investigated, and found that none of our products or customer-facing tools use Log4j2. Here’s what we have done since becoming aware of this vulnerability:

  1. Completed a scan of all our products and services to confirm that they have no reliance on the Log4j2 library. Salesmate uses a different library and does not depend on Log4j2.
  2. Took action against the use of any vulnerable versions of Log4j2.
  3. Updated web app firewall rules to prevent exploitation attempts. 
  4. We will continue our vulnerability scans on Salesmate systems. 

We have requested details of any potential vulnerabilities from our sub-processors and are monitoring their responses. Based on the responses so far, they are either not vulnerable or have already begun patching the vulnerability across their networks.

Our security team is closely monitoring the internal tools and systems the Salesmate team uses. We will continue with our precautionary checks against this vulnerability and notify our customers as needed. At this point, Salesmate customers do not have to take any action related to their use of Salesmate software.  

If you have specific questions related to this event, please contact us at support@salesmate.io or reach out to us on chat.