Mercer | Mettl platform has resolved the Log4j flaw within the platform to remediate the vulnerability. A recently disclosed RCE Vulnerability affects Apache Log4j versions 2.0-beta9 to 2.14.1 (CVE-2021-44228 and CVE-2021-45046) 

Read more about the exploits here. 

Mercer | Mettl has taken proactive steps to mitigate the security risks, arising because of this vulnerability:

1. Mercer | Mettl vulnerability-affected services are being patched in line with recommendations from The Apache Software Foundation.  
2. Additional Web Application Firewall rules have been deployed for Critical Applications.
3. We also reach out to our software vendors and urge them to fix this vulnerability & provide software updates wherever applicable.  

We continue to monitor the evolving situation and take steps as necessary.