6227 - Lattice Security Notification: Apache Log4j Vulnerability (CVE-2021-44228, CVE-2021-45046) ("Log4j Vulnerability")

6227 - Lattice Security Notification: Apache Log4j Vulnerability (CVE-2021-44228, CVE-2021-45046) ("Log4j Vulnerability")

Summary:
Industry-wide security vulnerabilities in Apache Log4j Java logging library (a logging tool used in many Java-based applications) may allow escalation of privilege or denial of service as described in CVE (Common Vulnerabilities Enumeration) 2021-44228 and CVE-2021-45046.
After an initial investivation, we believe that our IT infrastructure is not impacted by this vulnerability.

Lattice is actively investigating whether any of its products are potentially impacted by the Log4j Vulnerability. Findings from this investigation to-date can be found below.

Vulnerability Details:
For more information on this vulnerability, please see the listings on the National Vulnerability Database:

CVE ID: CVE-2021-44228
CVE ID: CVE-2021-45046

Product Portfolio:
At this time, after initial investigation, Lattice believes that the following software versions are not impacted by the Log4j vulnerability