Log4j2 Vulnerability
Scheduled Maintenance
Report for Affirm
Completed
Affirm has completed assessing and patching all vulnerable instances. After further review, there is no evidence to suggest there was any exploitation. We will continue to monitor and will remain vigilant on any future challenges posed by Log4J.
Verifying
To our Merchants, Partners & Consumers:
Affirm has assessed and patched all vulnerable instances related to Log4J, and there is no evidence to suggest there was any exploitation. Our Security Team continues to verify and monitor, and will remain vigilant on any future challenges posed by Log4J.
We appreciate your trust in Affirm and we will continue to keep you informed on the situation, consistent with our commitment to honesty, transparency, and putting people first.
For additional information regarding this vulnerability, please see CVE-2021-44228 at https://nvd.nist.gov/ and the Apache Log4j2 documents at https://logging.apache.org/.
Affirm has assessed and patched all vulnerable instances related to Log4J, and there is no evidence to suggest there was any exploitation. Our Security Team continues to verify and monitor, and will remain vigilant on any future challenges posed by Log4J.
We appreciate your trust in Affirm and we will continue to keep you informed on the situation, consistent with our commitment to honesty, transparency, and putting people first.
For additional information regarding this vulnerability, please see CVE-2021-44228 at https://nvd.nist.gov/ and the Apache Log4j2 documents at https://logging.apache.org/.
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Scheduled
As you may be aware, a critical vulnerability was published late last week that affected Log4J, a commonly used Java-based logging tool.
As soon as we learned of this matter, Affirm’s Security team took immediate steps to investigate the potential impact and take action. A majority of our patching has already concluded, and there is no evidence to suggest that there was any exploitation. We will continue to closely monitor and investigate this issue as safeguarding customer information is our top priority.
We appreciate your trust in Affirm and we will continue to keep you informed, as appropriate, consistent with our commitment to honesty, transparency and putting people first.
For additional information regarding this vulnerability, please review CVE-2021-44228 on https://nvd.nist.gov/ and the Apache Log4j2 on https://logging.apache.org/.
As soon as we learned of this matter, Affirm’s Security team took immediate steps to investigate the potential impact and take action. A majority of our patching has already concluded, and there is no evidence to suggest that there was any exploitation. We will continue to closely monitor and investigate this issue as safeguarding customer information is our top priority.
We appreciate your trust in Affirm and we will continue to keep you informed, as appropriate, consistent with our commitment to honesty, transparency and putting people first.
For additional information regarding this vulnerability, please review CVE-2021-44228 on https://nvd.nist.gov/ and the Apache Log4j2 on https://logging.apache.org/.
This scheduled maintenance affected: Affirm.com (US).