Modern Treasury - CVE-2021-44228 and CVE-2021-45046 (aka Log4Shell) – Incident details

Experiencing partially degraded performance

CVE-2021-44228 and CVE-2021-45046 (aka Log4Shell)

Resolved
Operational
Started almost 3 years agoLasted less than a minute

Affected

Platform/API

Operational from 10:00 PM to 10:00 PM

Marketing Website

Operational from 10:00 PM to 10:00 PM

Updates
  • Resolved
    Resolved

    In the past 10 days two serious vulnerabilities, CVE-2021-44228 and CVE-2021-45046, were disclosed in the Java-based logging package Log4j. We’ve ensured that Modern Treasury's internal systems are not vulnerable to these exploits.

    We've performed an audit on our internal software and infrastructure, and we have no instances of Log4j in use directly or via dependencies, and therefore are not vulnerable to this exploit.

    We use a number of services from AWS and other cloud vendors, and are actively monitoring them to validate that they are not vulnerable and take any necessary mitigation.

    Our customers entrust us with their financial details, and we take that role seriously. If you have any further questions, please reach out to your Customer Success Manager.