PAS Ltd continually monitor the threat landscape for attacks, and as such have checked our products and services to understand if/and where Apache Log4j2 maybe used - however we can confirm that we have no instances of this library in our services or systems.

The vulnerability, known as CVE-2021-44228 and referred to as “Log4Shell,” affects Java-based applications that use Log4j 2 versions 2.0 through 2.14.1. Although Log4j 2 is a Java-based logging library that is widely used in business system development and included in various open-source libraries, we have no Java based logging in use with systems developed by PAS Ltd.

All our servers and systems are kept updated in line with our published update procedure (see here), and we can confirm that all systems are currently up to date and fully patched.

We are actively working with our strategic partners to ensure that all their systems are correctly patched and updated to mitigate any issue.