Response to CVE-2021-44228 Log4j vulnerability
by Toni Palau
On December 9, 2021, the CVE-2021-44228 vulnerability in the Apache Log4j Java logging library was disclosed, affecting all Log4j2 versions prior to 2.15.0. ANDATA promptly conducted a code base assessment for all applications.
CVE-2021-44228 relates to Log4j2 in specific version ranges. Our applications are based on MATLAB. MATLAB does not include Log4j2 until V2021a, but it does include the previous version Log4j, which is not affected by CVE-2021-44228.
Thus, our applications are not affected by CVE-2021-44228 in any version shipped to date.
The MathWorks Inc. has also published a statement about this vulnerability: https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf