Open-source Apache "Log4j2" Utility


Propeller is aware of the recently disclosed issues relating to the open-source Apache “Log4j2” utility (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105).

Upon becoming aware of these vulnerabilities, we performed an analysis of our systems and dependencies to assess the impact and found the following:

  • Propeller does not use the Java language or Log4J in any of its systems. These are therefore not vulnerable.

  • Some of Propeller’s third-party vendors, like AWS, were vulnerable but have all since been patched.

  • Some third-party software that Propeller runs were vulnerable but have since all been patched.

  • No evidence has been detected of these vulnerabilities being exploited to gain access to Propeller’s systems.

Propeller is confident that it is now protected from these vulnerabilities and no action is required by customers.