Apache Log4j CVE-2021-44228 "Log4Shell" vulnerability

Apache Log4j CVE-2021-44228 "Log4Shell" vulnerability

December 2021 


Products: TMS and Flexipay 





Advanced has been working through the critical vulnerability that was discovered on 10 December 2021, referred to as Log4j and registered as CVE-2021-44228, as a result of the UK National Cyber Security Centre (NCSC) issuing an alert stating they had detected some activity relating to this in the UK. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a similar alert. 


Log4Shell is an actively exploited remote code execution vulnerability in the open-source Log4j 2 logging library. Log4j is used in numerous Java applications and is present in many services as well as a wide range of cloud services. 


The Advanced Cyber Security team raised a Priority 1 Incident immediately to scan and identify products and services which could be affected. 


Our security testing has not identified any exploitable vulnerabilities related to this issue in this product. We are continuing to analyse the issue and will advise with any updates. We would advise that if you are hosting your Advanced application on your own infrastructure that you continue to perform full scans of that environment. 


If you or your team would like more information on this vulnerability, please visit The UK National Cyber Security website Alert: Apache Log4j 2 vulnerability (CVE-2021-44228) - NCSC.GOV.UK. 


If you have any further concerns please contact our Support Team. 


Thank you for your understanding and patience.   


Your faithfully 




Justin Young 

Director of Security and Compliance > Advanced  


    • Related Articles

    • Poller log

      The Poller log provides an audit of poller activity. This may include attempted and successful terminal clockings. Select Close to return to the Terminal Site Planner home page.
    • Kiosk log

      The log provides you with information on any interactions that your Employees have had with your Kiosk system, and also gives you details of any errors that have occurred with your Kiosk system. In the following screenshot, you can see that the ...
    • TMS website extended logging

      The TMS website offers some extended logging to help debug stubborn errors. This article details how to enable the logging and where to find the resulting log files. Enabling logging The TMS website extended logging can be enabled by editing the ...
    • Clearing Anomalies - Start a New Period End

      Log into WINTMS and on the menu, go to ADMIN and then Period Ends. Highlight each Work Rule and then select Start New Period Ensure the dates are correct and press OK. Repeat for each Work Rule.
    • Removal of automatic deletion of Employees for the DA module

      Prior to version, the Data Assurance module automatically ran a job on the Processor on a daily basis to delete Employees that had reached their Deletion date (the time period specified in the System preferences for WinTMS to remove the data ...