The UK regulator, the Financial Conduct Authority (FCA), announced that it has been made aware of a remote code execution vulnerability (CVE-2021-44228) affecting multiple versions of the Apache Log4j 2 library.
The National Cyber Security Centre (NCSC) is aware that scanning for this vulnerability has been detected in the UK and that exploitation has been detected elsewhere. The NCSC has published guidance to help firms identify whether they may be affected, and will update it regularly where more information is available.
The FCA recommended that all firms using the Apache Log4j 2 library review the NCSC guidance to ensure the safety of their firm’s systems and that any operational impacts associated with this issue should be escalated via normal supervisory reporting processes.