Uncategorized

Statement of compliance – CVE-2021-44228 and CVE-2021-45046 (log4j)

Statement of Compliance

Panoramic Data Limited has completed a full audit of all systems for exposure to the recent log4j vulnerabilities:

  • CVE-2021-44228
  • CVE-2021-45046

Non-vulnerable systems

The following class of systems were reviewed and found not to have been vulnerable at any point:

  • Internal systems:
    • Reverse Proxy
    • Ticketing system
    • Documentation system
    • Monitoring system
    • Logging system
    • Website
    • Firewalls
    • Remote access
    • Databases
  • Custom software (developed on behalf of customers):
    • Various
  • External systems:
    • “Magic Suite”
      • ReportMagic
      • ConnectMagic
      • AlertMagic
    • Nuget packages, including (but not limited to):
      • LogicMonitor.Api
      • Cisco.Api
      • Meraki.Api
      • ServiceNow.Api
      • LogicMonitor.Cli
      • LogicMonitor.Datamart
      • PanoramicData.NCalcExtentions
      • PanoramicData.SheetMagic
      • MicrosoftDynamics.Api
      • PanoramicData.Blazor
      • AutoTask.Api
      • AutoTask.Psa.Api
      • Mapbox.Api
      • PanoramicData.AuthMagic

Vulnerable systems

The following systems were reviewed and found to have been vulnerable for a short duration.  The system logs were checked and only authorised accounts were found to have used the system:

    • Minecraft server – installed on 2019-11-08

On 2021-12-09, CVE-2021-44228 was published.  This came to our attention on 2021-12-11.

The server was upgraded to the latest, non-vulnerable version 1.18.1 on them same day at 2021-12-11 14:43.

We can find no evidence that the vulnerability was exploited at any time, nor could this have resulted in any exposure of company or customer data.