Log4j Security Issue
11 December 2021
(Updated 20 December 2021)
It was recently announced that log4j, a popular logging library used by many Java applications, is vulnerable to remote code execution (CVE - 2021 - 4428) and recognise that you are tracking this rapidly evolving issue across your vendors. This is a summary of SEEK’s response to date, but as this is an active investigation, our ability to respond to custom questionnaires at this time is limited.
Immediately following the disclosure of the log4j vulnerability, SEEK’s Cyber Security team began investigating the impact to our internal systems and our customers, candidates, and hirers. We take these vulnerabilities very seriously and this was made a top priority at a company level by SEEK’s CEO.