Investigation of Log4j Vulnerability status for Illumina off instrument software products
On December 10, 2021, Illumina was made aware of a vulnerability in the Apache Log4j software suite (CVE-2021-44228, CVE-2021-45046, and CVE-2021-44832). This software component is a Java-based logging utility and part of the Apache Logging Services Foundation products.
After Illumina became aware of the issue, we launched an investigation to identify potentially affected products and assess risk. The status for off-instrument software products is updated in the table below.
Illumina takes data privacy and security issues very seriously, and we hope this information helps alleviate any concerns about this vulnerability. If you have any questions, email Illumina Technical Support.
Terms:
- Impacted: The product contains one or more identified affected components.
- Not impacted: The product does not contain identified affected components.
- Patched: For Illumina-hosted solutions, updates have been applied to all in-scope instances.
- In progress: The product evaluation is underway.
Product | Impact | Mitigation Status | Technical Bulletin |
|---|---|---|---|
Illumina Connected Analytics SaaS (ICA) | Impacted | Patched | |
TruSight Suite SaaS | Not impacted |  | |
BaseSpace Suite | Impacted
| Patched
| |
DRAGEN Suite | Not impacted | Not impacted | |
Emedgene | Not impacted | Not impacted | |
Clarity LIMS v.4.x, 5.0, 5.1 | Not impacted | Not impacted | |
Clarity LIMS Cloud v5.2, 5.3, 5.4 | Impacted
| Patched | |
Clarity NextSeq 1K2K v2.1.0 | Impacted
| Patched | |
GenomeStudio | In progress | -
| - |
BlueFuse Multi | In progress | -
| - |
Proactive Portal | Not impacted | Not impacted |
\
For any feedback or questions regarding this article (Illumina Knowledge Article #6344), contact Illumina Technical Support [email protected]. |