In the past 10 days two serious vulnerabilities, CVE-2021-44228 and CVE-2021-45046, were disclosed in the Java-based logging package Log4j. We’ve ensured that Modern Treasury's internal systems are not vulnerable to these exploits.
We've performed an audit on our internal software and infrastructure, and we have no instances of Log4j in use directly or via dependencies, and therefore are not vulnerable to this exploit.
We use a number of services from AWS and other cloud vendors, and are actively monitoring them to validate that they are not vulnerable and take any necessary mitigation.
Our customers entrust us with their financial details, and we take that role seriously. If you have any further questions, please reach out to your Customer Success Manager.