We are aware of a remote code execution vulnerability (CVE-2021-44228) that is affecting multiple versions of the Apache Log4j 2 library.
The National Cyber Security Centre (NCSC) is aware that scanning for this vulnerability has been detected in the UK and exploitation detected elsewhere.
The NCSC has published guidance for firms[1] to help identify if they may be affected. It will be updated regularly by the NCSC where more information is available.
We recommend that all firms using the Apache Log4j 2 library review the NCSC guidance to ensure the safety of their firm’s systems. Please note any operational impacts associated with this issue should be escalated via normal supervisory reporting processes.