Log4j vulnerability and impact on Evidos services
Incident Report for Signhost Verified Signing
Postmortem

We have completed our investigation into our 3rd party and external services.

To reiterate: our core services as listed on our status page (API, UI/View, Portal, Auth, ID Proof, Webforms) are not impacted; they do not use Java or Log4j, or are on a new version which is not impacted by the vulnerability.

Our 3rd party services are not impacted, and they have confirmed that they either:

  • Are not impacted.
  • Performed patching, so they are not on an impacted Log4j version.
  • See no impact because of the nature of the service (offline/not connected to the internet), but are hardening the service on short notice anyhow.

We are actively monitoring the situation and will update our status page if news comes in.

Posted Dec 14, 2021 - 17:58 CET

Resolved
We are investigating the Apache Log4j vulnerability. After a first check this weekend, our core services as listed on our status page (API, UI/View, Portal, Auth, ID Proof, Webforms) are not impacted; they do not use Java or Log4j, or are on a new version which is not impacted by the vulnerability.

We are investigating our 3rd party and external services such as verification methods, and will keep you updated if any findings arise.
Posted Dec 13, 2021 - 09:00 CET