Mercer | Mettl's Response to Log4j Vulnerability
A recently disclosed RCE Vulnerability affects Apache Log4j versions 2.0-beta9 to 2.14.1 (CVE-2021-44228 and CVE-2021-45046)
Read more about the exploits here.
Mercer | Mettl has taken proactive steps to mitigate any security risks arising because of this vulnerability:
- Mercer | Mettl Services identified as effected by this vulnerability are being patched in line with recommendations from The Apache Software Foundation.
- Additional Web Application Firewall rules have been deployed for Critical Applications.
- We are also reaching out to our software vendors and urging them to fix this vulnerability & provide software updates wherever applicable.
We continue to monitor the evolving situation and take steps as necessary.