The Simple Logging Facade for Java (SLF4J or log4j) is a tool used by neoControl and neoCatalog to generate their logs.


We were asked by a customer for advice on a possible vulnerability in log4j, CVE-2021-44228, that affects several versions 2.x.


Since neoControl and neoCatalog use log4j version 1.2.17, these are not vulnerable to the exploit.