Technical Bulletin: Apache Software Log4j – Security Vulnerability CVE-2021-44228
Release Date: December 14, 2021
NOTICE: The information in this document, including products and software versions, is current as of the Release Date. This document is subject to change without notice.
Top Gun Impact Analysis of Internal Systems and Service Platforms
Top Gun has conducted a vulnerability review and has not identified any impacts to Top Gun internal systems or service platforms.
On December 10th the National Vulnerability Database released alert CVE-2021-44228 relating to Apache Log4j2 vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2021-44228. Log4j is a commonly used logging library made by the Apache Software Foundation. Information can be found at https://logging.apache.org/log4j/2.x/security.html
Top Gun recommends that clients review their products and check for vulnerable versions of Apache Log4j in their environments and applications and apply fixes as recommended by the OEM.
OEM Products
12/14/2021: The following matrix can provide further information on the impact to specific OEM Products.
Top Gun, Inc shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided “as is” without warranty of any kind. To the extent permitted by law, neither Top Gun nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice.