IT Security

How to access services temporarily restricted due to Log4j vulnerability

Submitted by stauffeg on

Update: As of Friday, January 7, a virtual private network (VPN) connection is no longer required to access many of the campus services that were moved behind the firewall as a result of the Log4j vulnerability. This includes MyCUInfo, PeopleSoft HR, the Student Information System (SIS), Degree Audit and Transfer Credit (DATC). Salesforce and Marketing Cloud instances, which includes Buff Portal Advising, will remain behind the firewall for the time being.

Due to the active nature of the vulnerability affecting Log4j, known commonly as the Log4Shell exploit, OIT, the Office of Information Security, University Information Services and distributed campus IT practitioners have been working together to identify vulnerable, internet-facing systems and remediate threats.

Accordingly, some services have been moved behind firewalls, including Marketing Cloud and Salesforce instances which includes Buff Buff Portal Advising. Connecting to these services will temporarily require faculty, students or staff to either be on a campus network or use CU Boulder's virtual private network (VPN) when off campus. The vast majority of campus applications, including Canvas, Office 365, Google, and Zoom, will continue to be accessible both on and off-campus and without a VPN connection.

Some specially configured department VPNs may not be able to access restricted services. If this is your situation, you should use the general campus Cisco AnyConnect VPN to access these services that have been temporarily moved behind the firewalls. Please see the installation instructions on the VPN help page for instructions to set up this VPN. 

If you have questions about accessing online campus services at any time, please contact the IT Service Center at oithelp@colorado.edu or 303-735-4357. Please note that the Service Center will be open with extended hours to support campus during finals week.