Log4J Security Issue
Our TI community have wide and varied implementations for mutual customers. ESS would ask all TIs to review their own products with respect to this known industry problem and do 2 things:
- Advise their customers of any issues that may impact them and any corresponding actions that customers need to take.
- Please share this guidance with companies / products that use ESS / ParentPay data via your products if applicable.
Please contact firstname.lastname@example.org if you need further assistance.
Our advice to customers is shared below.
"We are fully aware of the Apache Log4j 2 vulnerability also known as Log4Shell, and we have been investigating this issue since the 10th Dec as part of our advanced security programme.
Please rest assured that ESS services do not utilize the vulnerable Java Logging Library and thus are not directly exposed to this issue.
As a precaution we are also operating multiple threat feeds and detection methods to highlight any relevant activity.
Our security team continue to work on identifying and mitigating any supporting infrastructure, back-office systems, suppliers or third party partners which may be exposed to this vulnerability. Where this is the case, we will be taking appropriate measures to ensure the safety and security of our systems and the data we process.
We have no reason to believe that any ESS systems are at risk, and we will continue to monitor the situation closely."