IntelliMagic statement on Log4j vulnerability CVE-2021-44228

With regard to the severe vulnerability CVE-2021-44228 in Log4j, we are pleased to confirm that IntelliMagic Vision and IntelliMagic Direction do not use Log4j in any part of their code base. Therefore, IntelliMagic Vision and IntelliMagic Direction, including all their components as provided to you by IntelliMagic, are not affected by the Log4j vulnerability (CVE-2021-44228). We also investigated the Cloud environment in which we run IntelliMagic Vision as a Service (SaaS) for our customers, and have identified that all the third party software that is running on this Cloud environment is unaffected by this vulnerability. So we can also confirm that our IntelliMagic Vision as a Service Cloud environment is not affected by the Log4j vulnerability (CVE-2021-44228).

The above applies to all flavors of IntelliMagic Vision and IntelliMagic Direction, i.e. IntelliMagic Vision for z/OS, IntelliMagic Vision for SAN, IntelliMagic Direction for z/OS, IntelliMagic Direction for SAN, and all their respective submodules.

We completed the investigation on Tuesday, December 14, 2021.