Interdealer broker TP ICAP today provided an update on security vulnerability. The company says its security team is investigating the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell.
This vulnerability was disclosed by the Apache Log4j project on Thursday 9 December, 2021. If exploited, it could potentially allow a remote attacker to execute code on the server.
TP ICAP notes that there is no evidence that this vulnerability has been exploited successfully against the company.
Below is the full announcement by TP ICAP:
“As a priority, the TP ICAP Security team continues to investigate and evaluate the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell.
This vulnerability was disclosed by the Apache Log4j project on Thursday 9 December, 2021. If exploited, it could potentially allow a remote attacker to execute code on the server.
There is no evidence that this vulnerability has been exploited successfully against TP ICAP. Since learning of the vulnerability, TP ICAP has been evaluating its exposure and methodically remediating as patches have become available.In addition, we have been deploying signatures and enhanced security controls to further protect our environment from the Log4j exploit.
Based on ongoing threat intelligence as the situation evolves, we will continue to assess the impact on TP ICAP’s systems and remediate or mitigate as required. We will provide further updates as necessary.
Please don’t hesitate to contact your TP ICAP coverage or account manager if you have any questions”.