Log4J vulnerability statement | Access Care Management Help Centre

The majority of The Access Group’s products are .NET and this vulnerability (CVE-2021-44228) relates to Java-based applications that use Log4j 2 versions 2.0 through 2.14.

Only 3 Access products were identified as using the Log4j library and have now been patched.

As a precaution, we have scanned our public-facing estate to look for this vulnerability and that has come back negative. In addition to this, we have next-gen firewalls that block this attack in transit and XDR/EDR systems that detect and block any IOCs discovered on our hosts.

We have identified third-party products in-use that may be vulnerable; however, these are internally facing only, and remediation will be scheduled as it becomes available.

If you have any additional questions or queries regarding this, Please raise a new case online and reference the title of this article.