Categorized in: 

Salesforce and Marketing Cloud Security Vulnerability


To access Salesforce and Marketing Cloud, eComm users must be either on a CU network or use a CU VPN connection.


A recently identified security vulnerability (Log4j) is a global issue that, while not unique to CU, impacts the university broadly. The vulnerability is in software commonly incorporated in web and Java applications. UIS and campus IT teams are working to resolve this issue but, in many cases, we are dependent on vendors issuing software patches.

To mitigate this vulnerability UIS and campus IT teams are making changes to protect applications that have highly confidential data, including Salesforce and Marketing Cloud.

Next Steps

If you are not currently using a CU VPN when not on a CU network, please use the campus-specific resources below to comply with this critical security update:


Your eComm specialist(s) worked to test access and functionality using the VPN on Sunday, Dec. 12. Here are a few tips that may be helpful.

  • Ensure that your browser is up to date.
  • Clear your cache. 
  • Restart your computer.
  • If your VPN gives you a drop down of connection options, choose the "full tunnel" option to access all functionality in Salesforce and Marketing Cloud. Note: some campuses do not have drop down options because they provide full tunnel access by default.

Where to Get Help

Contact your campus IT help desk (links and phone numbers above) for support with the following:

  • Any issues related to the VPN itself, such as installation, configuration, and functionality
  • Any issues related to single sign-on (SSO) when attempting to login to Salesforce

For all other eComm related issues, please continue to contact your eComm Specialist(s) if you have any questions or concerns.