Mercer | Mettl's Response to Log4j Vulnerability

Mercer | Mettl's Response to Log4j Vulnerability

A recently disclosed RCE Vulnerability affects Apache Log4j versions 2.0-beta9 to 2.14.1 (CVE-2021-44228 and CVE-2021-45046) 


Read more about the exploits here. 


Mercer | Mettl has taken proactive steps to mitigate any security risks arising because of this vulnerability:

  1. Mercer | Mettl Services identified as effected by this vulnerability are being patched in line with recommendations from The Apache Software Foundation.  
  2. Additional Web Application Firewall rules have been deployed for Critical Applications.  
  3. We are also reaching out to our software vendors and urging them to fix this vulnerability & provide software updates wherever applicable.  

We continue to monitor the evolving situation and take steps as necessary.  


If you have additional questions related to this exploit, please reach out to us at mettl-delivery@mercer.com