Statement of Compliance

Panoramic Data Limited has completed a full audit of all systems for exposure to the recent log4j vulnerabilities:

• CVE-2021-44228
• CVE-2021-45046

Non-vulnerable systems

The following class of systems were reviewed and found not to have been vulnerable at any point:

• Internal systems:
  • Reverse Proxy
  • Ticketing system
  • Documentation system
  • Monitoring system
  • Logging system
  • Website
  • Firewalls
  • Remote access
  • Databases
• Custom software (developed on behalf of customers):
  • Various
• External systems:
  • “Magic Suite”
    • ReportMagic
    • ConnectMagic
    • AlertMagic
  • Nuget packages, including (but not limited to):
    • LogicMonitor.Api
    • Cisco.Api
    • Meraki.Api
    • ServiceNow.Api
    • LogicMonitor.Cli
    • LogicMonitor.Datamart
    • PanoramicData.NCalcExtentions
    • PanoramicData.SheetMagic
    • MicrosoftDynamics.Api
    • PanoramicData.Blazor
    • AutoTask.Api
    • AutoTask.Psa.Api
    • Mapbox.Api
    • PanoramicData.AuthMagic

Vulnerable systems

The following systems were reviewed and found to have been vulnerable for a short duration.  The system logs were checked and only authorised accounts were found to have used the system:

• • Minecraft server – installed on 2019-11-08

On 2021-12-09, CVE-2021-44228 was published.  This came to our attention on 2021-12-11.

The server was upgraded to the latest, non-vulnerable version 1.18.1 on them same day at 2021-12-11 14:43.

We can find no evidence that the vulnerability was exploited at any time, nor could this have resulted in any exposure of company or customer data.