Security vulnerability update: Log4Shell
Security vulnerability update: Log4Shell
As a priority, the TP ICAP Security team continues to investigate and evaluate the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell.
This vulnerability was disclosed by the Apache Log4j project on Thursday 9 December, 2021. If exploited, it could potentially allow a remote attacker to execute code on the server.
There is no evidence that this vulnerability has been exploited successfully against TP ICAP. Since learning of the vulnerability, TP ICAP has been evaluating its exposure and methodically remediating as patches have become available.In addition, we have been deploying signatures and enhanced security controls to further protect our environment from the Log4j exploit.
Based on ongoing threat intelligence as the situation evolves, we will continue to assess the impact on TP ICAP's systems and remediate or mitigate as required. We will provide further updates as necessary.
Please don’t hesitate to contact your TP ICAP coverage or account manager if you have any questions.