TP ICAP has revealed that its security team is currently investigating and evaluating Log4Shell, the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228).
According to the official announcement, the vulnerability was uncovered by the Apache Log4j project on 9 December, 2021.
The London-listed firm said that if this vulnerability is exploited, it could potentially allow a remote attacker to execute code on the server.
TP ICAP highlight that there is no evidence that this has happened. Since finding out, the company has been evaluating its exposure and methodically fixing as patches have become available.
Additionally, the company has been deploying signatures and enhanced security controls to further strengthen the protection on its environment from the Log4j exploit.
The official announcement stated:
Based on ongoing threat intelligence as the situation evolves, we will continue to assess the impact on TP ICAP’s systems and remediate or mitigate as required. We will provide further updates as necessary.
Earlier in November, TP ICAP reported a 15% increase in its overall revenue in the third quarter of the year.