Summary

In response to CVE-2021-44228 (aka Log4Shell vulnerability) which was published in December 9th 2021, we performed detailed investigation on our products listed below.

This document will be updated based on our ongoing investigation and latest findings.


Unaffected Products

The investigation about the products listed below is complete. We concluded that these OBSS products are NOT exposed to Log4Shell vulnerability.

You are not required to take any action specific to these products.


Affected Products

The products listed below are thought to be exposed to this vulnerability.

If you are using at least one of these products, please follow the instructions in the following page: Security Advisory for Log4Shell vulnerability in OBSS apps on Jira Server and Jira Data Center


Please note the OBSS products on Server and DataCenter platforms that are listed above do not introduce their own versions of log4j to the system but rather use the log4j provided by the host Jira/Confluence.

Follow the updates in the links in the Atlassian Links section below to see Atlassian's recommendations about host products.


You can use the links below to follow Atlassian announcements about this vulnerability and its effects on Atlassian host products (Jira, Confluence, etc.).

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

https://community.developer.atlassian.com/t/update-atlassians-investigation-on-cve-2021-44228/54352

https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulne%5B%E2%80%A6%5D-to-remote-code-execution-cve-2021-44228-1103069934.html




  • No labels

© 2012-2015 Copyright OBSS