A vulnerability CVE-2021-44228 (“Log4Shell”) was discovered on December 9th, 2021 in the Apache Log4j Library with which a remote code execution may be possible. Log4j versions from 2.0 to 2.15.0 are considered vulnerable. Since then additional, related vulnerabilities CVE-2021-45046 and CVE-2021-45105 have been discovered.

Our testing and analysis has not identified any exploitable Log4j related vulnerabilities in our systems. We do not use Log4j for logging in our core product. We have implemented mitigations as a precaution on our systems on December 15th 2021. We will continue the investigation and monitoring of the issue and provide updates in this article of any new findings.

Updates
21 Dec 2021
– Added a note of CVE-2021-45046 and CVE-2021-45105