Skip to content

YOUR COOKIE SETTINGS

We’re using cookies as specified in our cookies policy to give you the best experience on our website.You can find out more about which cookies we are using or switch them off by clicking Manage settings

Accept and continueManage settings

Contact us Customer portal

View navigation

YOUR COOKIE SETTINGS

We’re using cookies as specified in our cookies policy to give you the best experience on our website.You can find out more about which cookies we are using or switch them off by clicking Manage settings

Accept and continueManage settings

News

Back to all news

Apache Foundation Log4j 2 vulnerability

22nd December 2021

You will be aware from the recent NHSD cyber alert service notification, digital.nhs.uk/cyber-alerts/2021/cc-3989, that a critical vulnerability has been discovered in Apache Log4j 2, an open source Java package used by numerous apps and services across the internet. This is being tracked as CVE-2021-44228.

We can report that the majority of our third party, non-customer facing systems have now been checked, and are either unaffected, patched or have been mitigated. There are a very small number remaining, which we will continue to follow up with, but these present no risk and will not impact your services.

All customer facing systems have been verified, and are either unaffected, patched or have been mitigated.

We will communicate further should there be any change in our position, but we wanted to reiterate that we are confident that your System C systems remain secure.

If you have any questions, please contact us through the System C service desk as per usual.

Photo of Abstract lights