Log4Shell

Notice: The information in this document, including products and softwares, is current as of December 17, 2021. This document will continue to be updated as additional information becomes available and is subject to change without notice.

Apache Log4j is a library for logging functionnality in Java-based applications. On December 9, 2021, a critical vulnerability known as "Log4Shell" or "LogJam" was disclosed affecting all Log4j v2 versions earlier than 2.15 with JNDI features. This issue has been assigned CVE-2021-44228. Additional related vulnerabilities have been disclosed: CVE-2021-45046 and CVE-2021-45105.

Atos takes product security very seriously. We are investigating and taking action for Atos HPC products that may be potentially impacted. Atos continues to assess all its products and works with involved 3rd party vendors to determine which products may be affected by these vulnerabilities.

• BullSequana X400-E5: Product not impacted (*)
• BullSequana X400-A5: Product not impacted (*)
• BullSequana X800: Product not impacted
• BullSequana X1000: Product not impacted
• BullSequana XH2000: Product not impacted

Note:

1) Additional tools can be downloaded from partners or 3rd party vendors web sites to manage the hardware platforms. Check the latest information by selecting (*).

2) GPGPU configuration can use software product from partner web sites. Please, check the latest information from our partners.

• SCS5 and related products: Product not impacted
• Smart Management Center (SMC) and related products: Product not impacted
• Smart Management Center for xScale (SMC xScale) and related products: Product not impacted

Note: Elasticsearch is included with SMC xScale. The version which is provided is not susceptible to be impacted due to usage of the Java Security Manager (*)

Atos continues to monitor the situation of these vulnerabilities and evaluate product exposure.