Background: The recently announced Log4j vulnerability is impacting many systems that rely on this popular open source package. To be impacted by this module, an unpatched server running the Log4j package must be exposed to the public internet. Additionally, this package is used with Java software implementations and on Apache web servers.
Technical Discussion: It is our current understanding that Dynamics GP is not affected as Dynamics GP does not use any components of the Java stack nor does it use the Apache web server.
There is a Dynamics community post tracking this issue: https://community.dynamics.com/gp/f/microsoft-dynamics-gp-forum/442010/log4j-vulnerability
Former Microsoft employee and GP MVP David Musgrave describes in this post the technology stack that comprises GP:
Microsoft Dynamics GP is written in Dexterity (which in turn is written in C++). Customizations can be created using C#, VB.Net or VBA 6.0. The Database and server based code is all in SQL Server.
None of these languages/environments/tools are affected.
Additionally, as a GP and/or SQL server installation would not be exposed to the public internet by default, a potential attacker would not be able to execute the Log4j exploit.
Due to the limitless options in GP add-ons, this article covers the standard GP product only. If you have further questions or would like to discuss the implications on your specific setup, please open a ticket and one of our Systems Engineers will contact you.
Comments
Article is closed for comments.