Statement of Compliance
Panoramic Data Limited has completed a full audit of all systems for exposure to the recent log4j vulnerabilities:
- CVE-2021-44228
- CVE-2021-45046
Non-vulnerable systems
The following class of systems were reviewed and found not to have been vulnerable at any point:
- Internal systems:
- Reverse Proxy
- Ticketing system
- Documentation system
- Monitoring system
- Logging system
- Website
- Firewalls
- Remote access
- Databases
- Custom software (developed on behalf of customers):
- Various
- External systems:
- “Magic Suite”
- ReportMagic
- ConnectMagic
- AlertMagic
- Nuget packages, including (but not limited to):
- LogicMonitor.Api
- Cisco.Api
- Meraki.Api
- ServiceNow.Api
- LogicMonitor.Cli
- LogicMonitor.Datamart
- PanoramicData.NCalcExtentions
- PanoramicData.SheetMagic
- MicrosoftDynamics.Api
- PanoramicData.Blazor
- AutoTask.Api
- AutoTask.Psa.Api
- Mapbox.Api
- PanoramicData.AuthMagic
- “Magic Suite”
Vulnerable systems
The following systems were reviewed and found to have been vulnerable for a short duration. The system logs were checked and only authorised accounts were found to have used the system:
-
- Minecraft server – installed on 2019-11-08
On 2021-12-09, CVE-2021-44228 was published. This came to our attention on 2021-12-11.
The server was upgraded to the latest, non-vulnerable version 1.18.1 on them same day at 2021-12-11 14:43.
We can find no evidence that the vulnerability was exploited at any time, nor could this have resulted in any exposure of company or customer data.