You're viewing an archived page. It is no longer being updated.
We have identified and mitigated vulnerable applications in our infrastructure in light of the zero-day vulnerability in the Apache Log4j software that was published recently, and a number of related vulnerabilities that have been published since then. None of the vulnerable applications appear to have been exploited.
We are actively monitoring the latest developments, and working with internal teams and external vendors to keep our systems and data secure. If you find any security vulnerability in our infrastructure or applications, you can report it using our Responsible Disclosure Policy.
For additional information on the log4j vulnerabilities, please read ENISA's statement on Log4j.