Threat response: Apache Log4j (CVE-2021-44228)
» View Event Details | Created
Resolved
We are aware of the recent notification of critical vulnerability in Apache Log4j 2 (CVE-2021-44228). We have reviewed all our infrastructure and services have confirmed that none of our hosts or infrastructure were exposed to this vulnerability.
Our public-facing applications do not use the affected package. Some of our internal tools (not public-facing) do use this software - these have been updated over the course of the weekend and today (Monday) to versions which mitigate the vulnerability.
No action is required from customers.
Posted: