Apache Log4j is a library for logging functionality in Java-based applications.
A flaw was found in Apache Log4j v2 (an upgrade to Log4j), allowing a remote attacker to
execute code on the server if the system logs an attacker-controlled string value containing a
Java Naming and Directory Interface™ (JNDI) lookup that points to the attacker's Lightweight
Directory Access Protocol (LDAP) server. This flaw allows a remote attacker to execute code on the
target system with the same privileges as the Java-based application that invoked Apache
This issue has been assigned CVE-2021-44228 and rated with a severity impact of Critical.
In response, Mortgage Coach immediately audited all systems to identify the impact, if any, to
Mortgage Coach data security. In our review, we have confirmed that the Log4j library is not in
use in any of our systems and presents no risk or vulnerability to our systems or clients.
As an ongoing preventative measure, we use a continuous vulnerability scanner to
help identify and remediate any newly discovered issues. Our scanner reported the
vulnerability, performed a test on our systems, and then issued a passing grade to indicate that
our systems are not affected.
VP of Technology