Our security team is actively investigating both L1N and customer systems to confirm if they are susceptible to the Log4j vulnerability that is now known as “Log4Shell”. This threat has a CVSS score of 10 (the highest) and affects numerous systems around the world.
At this time, we have found one internal application that is at risk. Steps have been taken to mitigate the risk, and the application vendor has issued a patch that we are currently evaluating. No customer applications have been found to be vulnerable at this time.
Please note that this threat assessment is fluid, and may be updated as new information comes to light. We are working closely with our vendors, and vendors of our customers, as they attempt identify the risk associated with their application(s).