NCC not affected by Log4J vulnerability

Posted by National Crime Check on 2021-12-14

CVE-2021-44228 relates to a vulnerability in Log4j, a Java logging framework.

National Crime Check does not make use of the Java language or ecosystem or specifically Log4j.

NCC does make use of the Amazon Web Services platform. All relevant parts of this service (S3, EC2, etc) as used by NCC have been patched by AWS. See also their security update.

Investigation continues, but National Crime Check has no known service exposure to this vulnerability at this point in time.

As an additional precaution, the web application firewalls which protect the platform have been updated to include rules to block Log4J attacks.

 

Want to know more? We have a full security information pack available. Access to this requires the signing of a Non-Disclosure Agreement. If you would like access to this security information pack, please contact our business team.