A vulnerability in the Log4J logging library allows an unauthenticated attacker to perform remote code execution and gain complete access to a target system via a vulnerable version of the Log4J library. Any application that uses Log4J is potentially affected.
Six Degrees is aware of the ongoing situation. We are actively working with partners and vendors to mitigate potential exploits.
There is no known record of this being exploited yet, though knowledge is coming through that reconnaissance is starting to be detected around the UK.
An initial list of technologies which have confirmed as vulnerable and those that are still investigating can be found here.
Six Degrees Actions
Six Degrees is working to deploy emergency mitigations on all potentially vulnerable technologies in-line with security best practices and change management. We will communicate the next steps to clients before implementing the upgrades.