2021-12-16 Official Log4J Statement:
Last week, a vulnerability in the Log4J framework was discovered which is affecting companies across the internet. We want to reassure our customers and our trading partners that we take security very seriously. We have evaluated the impact of this on our software and our network and have found no direct vulnerability to our systems at this time. We are proactively monitoring the situation for more updates.
We have found that two of our vendors, Dell and VMware, have vulnerabilities and we are expecting patches from them soon. Dell has provided an ETA for their patch; VMWare does not have an ETA at this time. The effects of the Dell and VMware vulnerabilities are not a direct threat to our database servers because they are not on our public network. Our customer data is in no way at risk.
Our IT Team has verified that our firewalls and switches, two hardware components that bridge contact between the internet and our database servers, are not affected by this vulnerability.
We will provide updates on this thread as the situation develops.