PSA-012: Log4shell

CVE-2021-44228

Note

This Product Security Advisory is based on a thorough investigation and all findings that were available at the time of publication. Should new information on the matter become available, it is possible that the initial assessment changes and the Advisory will be updated.

Statement

We hereby inform that MiR products are not affected by the Apache Log4j vulnerability known as Log4Shell.

Overview

Log4Shell is a critical vulnerability in the Apache Log4j library which was assigned the CVE ID CVE-2021-44228.

MiR products are not affected by the vulnerability, as they do not include the Apache Log4j library.

References

NIST NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Apache security advisory: https://logging.apache.org/log4j/2.x/security.html