Apache Log4j vulnerability – No impact to Vipps
Incident Report for Vipps MobilePay
On Thursday, 2021-12-09, a vulnerability in the Apache Log4j library was detected, potentially affecting systems running the library. The globally recognized Log4j software bug, and the potential Log4Shell vulnerability linked to this, was handled immediately in Vipps, and all relevant actions to remediate this vulnerability was taken, to ensure the continued secure and stable operation of our services. We have not identified any signs that the vulnerability has been exploited, and will continue to follow the situation closely and monitor our systems for suspicious activity.
Vipps is currently not at risk of breach via this vulnerability.
We strongly recommend all partners to perform analysis of their own systems for vulnerabilities.
See more information about this 0-day exploit here.
Posted Dec 09, 2021 - 07:00 CET