...
Subsequently to the publication of the CVE-2021-44228 an additional vulnerability has been published with CVE-2021-45046. Namirial confirms that the investigations have been extended on December 14 even to this vulnerability.
...
Subsequently to the publication of the CVE-2021-45046 an additional vulnerability has been published with CVE-2021-45105. Namirial confirms that the investigations have been extended on December 18 even to this vulnerability.
** Update 29/12/2021 **
Subsequently to the publication of the CVE-2021-45105 an additional vulnerability has been published with CVE-2021-44832. Namirial confirms that the investigations have been extended on December 29 even to this vulnerability.
Namirial Enterprise
Namirial is continuing to inventory our products and systems potentially impacted by these vulnerabilities. As necessary, we are updating to Log4j version 2.17.1, which fixes all the vulnerabilities reported till December 2029, and applying mitigations in the interim, even in cases where additional control layers such as network controls and web application firewalls prevent exploitation of these vulnerabilities. Anyway, due to the criticality of the services provided, Namirial does not share documents or information relating to its security systems and controls to respond to the requests for additions and clarifications regarding the security of information made by third parties, be they Customers, Suppliers and/or Partners.
...