Building Blocks has not seen any abuse of the vulnerability in its’ clients solutions. Software platforms used by Building Blocks for day-to-day business have also been evaluated by our IT partner and found to be not vulnerable to this attack.
Solutions created by Building Blocks do not use Log4j directly and are therefore at low risk for abuse. However, the following mitigating actions have been taken:
1. Application logs have been analyzed and no suspicious behavior has been found.
2. The feature which allows for the vulnerability has been disabled by configuration (mitigates CVE-2021-44228).
3. The vulnerability described in CVE-2021-45046 has no effect on building blocks as no context parameters are used throughout our solutions.
In case you have any further questions regarding your case, please reach out to our DPO/CISO Daan Möhlmann, email@example.com.