An update on the Apache Log4j vulnerability
As you may be aware, a zero-day exploit for the Apache Log4j utility was announced on December 9, 2021 (CVE-2021-44228), which results in remote code execution (RCE).
We have reviewed our products and determined that they are not affected. They’re built with the .NET framework and don’t use Log4j in any way.
We also carried out an audit of our internal systems on Friday 10th December and have updated the services we use to prevent the exploitation of this issue.
If you have any questions please get in touch.
Update 15/12/2021
We have been closely following the emerging security issues surrounding Log4j.
A second vulnerability has been announced, CVE-2021-45046, and we can confirm that our products are not affected by this or the previous issue, CVE-2021-44228.
We have also continued to audit our internal systems and have updated the services we use following the advice from the Apache Foundation, to prevent the exploitation of these issues on those systems.