Hello, you probably have seen CVE-2021-44228, which affects log4j. After analyzing the products' use of log4j, this is what we came down to as a public messagewe have come to the following conclusion:
VidiFlow and Camunda are not affected.
VidiCore and VSA do not use log4j2, or only with controlled output*.
ElasticSearch 6 is not susceptible to RCE.
Solr is also not susceptible as VidiCore will escape all texts sent to Solr**.
ActiveMQ is not using log4j2.
...