Recently, a critical vulnerability called LogJam or Log4Shell was found in Apache Log4j. This is software that is widely used in web applications and all kinds of other systems. This vulnerability allows an attacker to execute arbitrary code on the affected system.
The National Cyber Security Center indicates that it is actively scanning for the vulnerability. Security is a top priority at PFM, which is why we have checked our own systems and those of third parties since Saturday 11 December and, where necessary, have taken steps to undo the vulnerability. All this to ensure that our infrastructure is and remains safe.
A newly disclosed vulnerability affecting Apache Log4j 2 versions 2.0 to 2.14.1 was revealed on December 9, 2021, and registered with the highest severity rating, "Critical". A vulnerability with a "Critical" impact means the system could potentially be exploited by a remote attacker to make Log4j execute arbitrary code (as the user running the server, or as root).
Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. Taking advantage of this vulnerability could allow a remote attacker to take control of the affected system.
PFM Intelligence Group is aware of this vulnerability. Checks have revealed no vulnerabilities and we continue to monitor our systems to ensure they remain secure.
If you have any questions regarding this message, please do not hesitate to contact us.