Attestation of No Impact – Apache Log4j

December 13, 2021
RE: Apache Log4j Vulnerability (CVE-2021-44228)

To Whom It May Concern:
This letter is intended to serve as formal attestation that Melissa Data Corporation (“Melissa”) was not impacted by the remote code execution (RCE) vulnerability in Apache Log4j as we do not utilize Apache Log4j for any Melissa commercial web services or products. Additionally, Melissa does not host any current versions of its web services in Apache. Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.

Sincerely,
Rodolfo Lopez, IT Manager/CISO
Melissa Data Corporation

Leave a Reply

Your email address will not be published.