We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elastic Search in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable.
“Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager. Elasticsearch on JDK8 or below is susceptible to an information leak via DNS which is fixed by a simple JVM property change.”
Even older and EOL products like ASGARD v1 are not affected.
Other products don’t use JAVA or log4j.