What can we help you with?


000003978


104

02/02/2022 17:25 PM

12.0

We are aware of the vulnerability recently identified that affects websites or applications using Java, specifically the log4j versions 2.0 – 2.14.1. These versions primarily use the "jndi:" logging. 

While we realize that this is a global Java vulnerability finding that many organizations around the world are becoming aware of, we want to assure you that we are addressing this finding with the utmost priority and are actively working to update our systems to the log4j version 2.17. We strongly recommend that you review all of your applications, as well and do the same. 

Additionally, to help prevent the library being exploited, we urgently recommend that any Java Log4j versions are upgraded to log4j-2.17.0+.

Please contact your developer, application solution and/or hosting provider for further assistance in identifying your business applications requiring this update.

More information regarding this vulnerability finding can be found below:
This article will include updates to Authorize.Net systems as they occur. 
 

Updates

Date

Update

01/13/2022
  • A new version of the Authorize.net Java SDK (v2.0.6) has been updated in our Github repository: https://github.com/AuthorizeNet/sdk-java
  • Clients using this SDK will need to install the updated SDK in their application(s) and/or apply the JVM workaround described above
12/23/2021
  • We are aware of the recently disclosed vulnerabilities in the Log4j Java library and have taken appropriate actions to protect Visa’s systems and mitigate any security risks.
  • We have upgraded all of our internet-facing applications to Log4j version 2.16 and will upgrade to version 2.17 immediately following our remediation and compliance processes.  
  • As of this time, we are not aware of any impact to Visa systems by the Log4Shell vulnerabilities.  
  • We will continue to monitor the situation closely.
12/17/2021
  • A new version of the Authorize.net Java SDK (v2.0.5) has been updated in our Github repository: https://github.com/AuthorizeNet/sdk-java
  • Clients using this SDK will need to install the updated SDK in their application(s) and/or apply the JVM workaround described above


Was this article helpful?


Articles Recommended for You