Products: TMS and Flexipay 

PRIORITY 1 INCIDENT: NOTIFICATION OF CRITICAL VULNERABILITY  

Advanced has been working through the critical vulnerability that was discovered on 10 December 2021, referred to as Log4j and registered as CVE-2021-44228, as a result of the UK National Cyber Security Centre (NCSC) issuing an alert stating they had detected some activity relating to this in the UK. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a similar alert. 

Log4Shell is an actively exploited remote code execution vulnerability in the open-source Log4j 2 logging library. Log4j is used in numerous Java applications and is present in many services as well as a wide range of cloud services. 

The Advanced Cyber Security team raised a Priority 1 Incident immediately to scan and identify products and services which could be affected. 

Our security testing has not identified any exploitable vulnerabilities related to this issue in this product. We are continuing to analyse the issue and will advise with any updates. We would advise that if you are hosting your Advanced application on your own infrastructure that you continue to perform full scans of that environment. 

If you or your team would like more information on this vulnerability, please visit The UK National Cyber Security website Alert: Apache Log4j 2 vulnerability (CVE-2021-44228) - NCSC.GOV.UK. 

If you have any further concerns please contact our Support Team. 

Thank you for your understanding and patience.   

Your faithfully 

Justin Young 

Director of Security and Compliance > Advanced