© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

Log4J Security Issue

Our TI community have wide and varied implementations for mutual customers.  ESS would ask all TIs to review their own products with respect to this known industry problem and do 2 things:

  1. Advise their customers of any issues that may impact them and any corresponding actions that customers need to take.
  2. Please share this guidance with companies / products that use ESS / ParentPay data via your products if applicable.

Please contact ESS-PartnerSupport@parentpay.com.uk if you need further assistance.  

Our advice to customers is shared below.

TI Team

Useful resources:

https://logging.apache.org/log4j/2.x/security.html

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

ESS Guidance

"We are fully aware of the Apache Log4j 2 vulnerability also known as Log4Shell, and we have been investigating this issue since the 10th Dec as part of our advanced security programme.

Please rest assured that ESS services do not utilize the vulnerable Java Logging Library and thus are not directly exposed to this issue.

As a precaution we are also operating multiple threat feeds and detection methods to highlight any relevant activity.

Our security team continue to work on identifying and mitigating any supporting infrastructure, back-office systems, suppliers or third party partners which may be exposed to this vulnerability. Where this is the case, we will be taking appropriate measures to ensure the safety and security of our systems and the data we process.

We have no reason to believe that any ESS systems are at risk, and we will continue to monitor the situation closely."