Dear Customers and Partners,
PrimeKey has conducted an assessment of the recently-announced CVE for the log4j library (https://github.com/advisories/GHSA-jfh8-c2jp-5v3q).
The quick answer is that none of our products are affected by this vulnerability.
- EJBCA, SignServer, Cloud, SaaS and Appliance (the HW and SW Appliance) products, make use of the application server's logging implementation which is not affected by this vulnerability 
- For the IdAM, it is not affected according to the latest investigation.
Please note that the detailed investigations are still on going, and this statement might change.
If you have any questions, please contact support.