Cashfac’s Response to the Log4j Vulnerability

Vulnerability in Log4j component of java-based software notified on 10/12/21 – https://nvd.nist.gov/vuln/detail/CVE-2021-44228.

Cashfac has reviewed all components of its technology. Our review has not highlighted any material exposure to the Log4j vulnerability that would impact the use of Cashfac technology.

The optional reporting dashboard component is now back on-line following a technical investigation and supplier confirmation.

Our Security team will continue to track developments, related vulnerabilities and we will provide an update if the status changes. For more information please contact the Service Desk.

Additional information

We leverage commercial threat intelligence services in real-time and monitor notified changes in attack patterns.

We continue to work with our suppliers to ensure third party risk is understood and managed out.

John Ferguson, Chief Risk Officer