The Log4Shell flaw (CVE-2021-44228) is a previously unknown and critical vulnerability that was publicly shared on 9 December, 2021. This vulnerability impacts multiple versions of the widely used software tool, Apache Log4j 2. On 14 December, 2021, a second vulnerability (CVE-2021-45046) that affects Log4j was found and shared.
Mollie does not use the Apache Log4j utility and is not directly impacted by either of these vulnerabilities. Out of an abundance of caution, we are investigating with our suppliers and partners if these flaws may indirectly impact any of our services. If any irregularities are discovered, we will take immediate action to prevent any impact to our customers and services.
You can continue to use our services as normal. However, we strongly urge you to check your systems to see if they have been affected by these Log4j software flaws. The Dutch National Cyber Security Centre (NCSC) is compiling a list of affected software and services.