Apache Log4j2 RCE vulnerability (CVE-2021-44228)
Signicat are aware of and acting on the security vulnerability in the open-source Apache Log4j2 utility (NVD - CVE-2021-44228).
We are currently ensuring that we have not overlooked any use cases that could potential impact Signicat products and services. Additionally, we are assessing all internal systems and services to remediate potential vulnerable software.
Countering the log4j vulnerability was given immediate priority at Signicat. Patching of production systems and environments were prioritised on Friday 2021-12-11 where use cases for Log4j2 were identified, neutralised, and updated to be in a safe state. Signicat observed exploitation attempts to towards our systems exploring the vulnerability but there have not been signs of successfully exploitation of the vulnerability.
Signicat strongly encourage our customers to review their software and environments that contain log4j2 to update to the latest version. This includes customers that utilise Signicat’s Java connector.