On December 11, 2021, Intershop security and engineering teams became aware of the Log4j vulnerability (CVE-2021-44228) and initiated investigations. Intershop began patching or mitigating any vulnerable configurations that were identified.
At this point in time we have taken all the necessary precautionary steps and continue to monitor the situation to ensure the security and stability of our production environment.
December 13, 2021: Intershop has not discovered any indication of compromise of our internal systems or those of any of our customers. Intershop is coordinating with our on-premise clients and partners to ensure that the security of our products and those of our clients is maintained.
December 15, 2021: The Log4j vulnerability has been expanded upon in a new advisory (CVE-2021-45046). Intershop is currently investigating whether any of our customer environments may be impacted. Preliminary results indicate that the previous safety measures that were undertaken should be sufficient. We are in the process of updating our internal documentation for on-premise clients and partners.
January 12, 2022: Intershop is tracking the new security advisories for Log4j (CVE-2021-45105; CVE-2021-44832). The current investigation indicates that Intershop systems and software are not affected by these vulnerabilities.
Additional technical background information can be found in the Intershop Knowledge Base: Log4j - Security Advisory.
This advisory will continue to be updated as the situation evolves.