Apache Log4j cyber vulnerability

We are aware of a remote code execution vulnerability (CVE-2021-44228) that is affecting multiple versions of the Apache Log4j 2 library. 

The National Cyber Security Centre (NCSC) is aware that scanning for this vulnerability has been detected in the UK and exploitation detected elsewhere. 

The NCSC has published guidance for firms to help identify if they may be affected. It will be updated regularly by the NCSC where more information is available. 

We recommend that all firms using the Apache Log4j 2 library review the NCSC guidance to ensure the safety of their firm’s systems. Please note any operational impacts associated with this issue should be escalated via normal supervisory reporting processes.