Fundserv Update on Log4j Vulnerability – CVE-2021-44228
Updated: December 16, 2021, 8:24 am
Fundserv continues to actively investigate a critical vulnerability in Log4j, a popular open-source library for logging in applications, that has affected websites around the world. We continue to assess the impact this vulnerability and its exploits may have or have had on our environments.
What we know:
– We’ve been aware of the security advisory communicated by security researchers since Thursday, December 9, 2021.
– Several Fundserv products incorporate Apache Log4j.
– We have no evidence of exploitation of our critical and member-facing application environments at this time.
What we can confirm:
– Any risk posed by this vulnerability has been remediated in Fundserv’s member-facing applications and solutions.
– Any risk posed by this vulnerability does not apply to our API platform.
– Any known exploitable instances of Log4j have at this point been mitigated.
What we’ve done:
– We have audited our code repositories, third-party software, and production and non-production environments to identify any vulnerable installations of Log4j.
– As part of our ongoing cybersecurity activities, we have performed a business impact review, which will help detect and respond to any potential attempts using this attack vector.
– We have reached out to our third-party partners and vendors to review actions undertaken by them.
– Our MDR (Managed Detection and Response) partner has developed a prevention policy that will help identify any exploitation attempts. They are on heightened alert for any abnormal activity.
– Our Threat Intelligence team is actively tracking this threat for additional details, vulnerabilities and detection opportunities.
Our continued next steps:
– We continue to closely monitor the situation both internally and with our partners.
– We will continue to investigate, monitor and research potential exploits and vulnerabilities associated with these findings and will take action accordingly.
We will provide an update when additional information is available.
We thank members in advance for their patience with this evolving situation. If you have any questions, please contact firstname.lastname@example.org.