Investigation of Log4j Vulnerability status for Illumina off instrument software products
On December 10, 2021, Illumina was made aware of a vulnerability in the Apache Log4j software suite (CVE-2021-44228, CVE-2021-45046, and CVE-2021-44832). This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products.
After Illumina became aware of the issue, we launched an investigation to identify potentially affected products and assess risk. The status for off-instrument software products is updated in the table below.
Illumina takes data privacy and security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, email Illumina Technical Support.
Terms:
Impacted: The product contains one or more identified affected components.
Not impacted: The product does not contain identified affected components.
Patched: For Illumina-hosted solutions, updates have been applied to all in-scope instances.
In progress: The product evaluation is underway.
Product
Impact
Mitigation Status
Technical Bulletin
Illumina Connected Analytics SaaS (ICA)
Impacted
Patched
TruSight Suite SaaS
Not impacted
BaseSpace Suite
Impacted
Patched
DRAGEN Suite
Not impacted
Not impacted
Emedgene
Not impacted
Not impacted
Clarity LIMS v.4.x, 5.0, 5.1
Not impacted
Not impacted
Clarity LIMS Cloud v5.2, 5.3, 5.4
Impacted
Patched
Clarity NextSeq 1K2K v2.1.0
Impacted
Patched
GenomeStudio
In progress
-
-
BlueFuse Multi
In progress
-
-
Proactive Portal
Not impacted
Not impacted
For any feedback or questions regarding this article (Illumina Knowledge Article #6344), contact Illumina Technical Support techsupport@illumina.com.
Last updated