13 December 2021 12:40:00
This statement concerns the Log4j vulnerability (CVE-2021-44228) - details here https://www.ncsc.gov.uk/news/apache-log4j-vulnerability - in relation to Exegesis products, hosted applications and services.
Our main products CAMS, HBSMR, and CMSi do not use this component.
We have carried out a thorough check of our hosted services and are pleased to report that we have found no evidence of any of our systems using Log4j2 version 2.x (the affected version).
In addition we have checked our main firewall (Sophos) which has Intrusion Prevention System (IPS) signatures in place to detect and protect against any attempted exploit. https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
We will continue to monitor this situation. If you have any questions or concerns please do contact us.