# Investigation of Log4j Vulnerability with Illumina instruments

On December 10, 2021, Illumina was made aware of a vulnerability in the Apache Log4j software suite (CVE-2021-44228, CVE-2021-45046, and CVE-2021-44832). This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products.

After Illumina became aware of the issue, we launched an investigation to identify potentially affected products and assess risk and have the following update:

**The scope of products currently evaluated:**

* iSeq 100
* MiSeq
* NextSeq 500/55
* NextSeq 1000/2000
* NovaSeq 6000
* iScan

Status of evaluation:

* For all models: certain software installations and configurations may introduce affected components.

Known Affected Components:

* **Illumina Local Run Manager (LRM)**
  * This optional software module ships with an optional subcomponent, the **Genome Analysis Tool Kit** (**GATK,** MIT\*\*),\*\* which contains an affected version of log4j v.1.x.
  * This component is not accessible remotely, requires authenticated console access, and requires a measurable amount of preparation to execute a successful attack.
  * This module is currently risk assessed as mitigated.\
    CVSS 3.1 scale Base score: 6.1 Medium, Temporal and Environmental scores 5.4 Medium\
    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N/E:U/RL:W/RC:C

Illumina takes data privacy and security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, email <techsupport@illumina.com>.

\
\
\ <br>

|                                                                                                                                                                                                                                                                                                                                                                        |
| :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: |
| *For any feedback or questions regarding this article (Illumina Knowledge Article #6291), contact Illumina Technical Support* [*techsupport@illumina.com*](mailto:techsupport@illumina.com?subject=Question%2FFeedback%20Regarding%20Illumina%20Knowledge%20Article%20#000006291%20-%20Instrumentation%20\&body=Dear%20Illumina%20Technical%20Support,%0D%0A%0D%0A)*.* |