As part of our mitigation strategy for the Log4J (CVE-2021-44228) critical cybersecurity vulnerability we are conducting an impact assessment to determine the level of risk to our organization. We are reaching out to all our software providers to determine whether they have been impacted, or at risk of being impacted, by this threat.

More information on the vulnerability can be found here and here.

To support our mitigation strategy we appreciate you responding to the following questions in a timely manner:

• Do you use any software that relies on Log4J ?
• Have you executed any mitigations for CVE-2021-44228 ?
• Did you do any investigation to confirm you have not been a victim to exploitation of CVE-2021-44228 ?