FINRA Statement Regarding Log4J Status

FINRA is aware of the Log4J vulnerability and has taken immediate steps to neutralize the risk. The mitigation tactics deployed by FINRA include defining alerts for exploit attempts, implementing web application firewall (WAF) rules designed to prevent exploitation of the vulnerability, conducting scans to confirm WAF rules are working as expected, and beginning to update Log4J libraries used in our self-developed applications. FINRA will continue to track this vulnerability, apply software updates as those become available, and monitor attacker exploit attempts. We will adjust our mitigation efforts if necessary as the situation evolves.