Indeni’s response to the Log4j vulnerability

Last updated: July 31, 2025

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

At Indeni, as in many organizations, we took immediate actions following the details emerging around CVE-2021-44228. The Log4j vulnerability has come to be known as Log4Shell. Security researchers disclosed this vulnerability on Friday Dec 10, 2021. In situations like these, we quickly identify any risks to customers and thoroughly investigate any exposure we may have ourselves.

Indeni product is running version 1.12 which does not use a Log4j version vulnerable to CVE-2021-44228. You can find the locations of the log4j logback.xml configuration files below.

Here at Indeni, we take risk and vulnerability in open-source software very seriously. If you have additional questions related to the Log4j vulnerability, please do not hesitate to contact us.

Key takeaways

The article describes Indeni's immediate response to the Log4j (Log4Shell) vulnerability CVE-2021-44228 disclosed on December 10, 2021. It explains that Indeni assessed risk to customers and investigated their own exposure, confirming their product runs version 1.12 which does not include a Log4j version vulnerable to CVE-2021-44228. The company emphasizes its serious approach to open-source software vulnerabilities, provides locations of log4j logback.xml configuration files, and invites customers to contact them with additional questions.

What actions did Indeni take after the Log4j (Log4Shell) vulnerability disclosure?

Following disclosure of CVE-2021-44228 on December 10, 2021, Indeni immediately identified potential risks to customers and conducted a thorough investigation to determine any exposure within their own environment. They confirmed the specific version of their product, verified whether it used vulnerable Log4j components, located relevant logback.xml configuration files, and communicated findings to stakeholders. The response emphasizes prompt assessment, internal verification, and transparent customer communication as primary actions.

Does Indeni's product use a vulnerable Log4j version regarding CVE-2021-44228?

Indeni confirmed that their product is running version 1.12 and does not use a Log4j version vulnerable to CVE-2021-44228. This determination was part of their immediate post-disclosure investigation to assess exposure risk to both customers and their own systems. By identifying the software version in use and verifying the absence of the vulnerable Log4j component, Indeni concluded there is no direct vulnerability related to CVE-2021-44228 in the referenced product version.

How can customers get more information about Indeni's handling of the Log4j vulnerability?

The article states that Indeni takes open-source software risk and vulnerabilities seriously and has provided the locations of log4j logback.xml configuration files for reference. Customers with additional questions about the Log4j vulnerability or Indeni’s assessment are encouraged to contact Indeni directly for further information. This outreach option is presented to ensure transparency and to address any remaining concerns about exposure, configuration details, or mitigation steps.

Unlock $120K+ in network ROI

Indeni’s response to the Log4j vulnerability

Related content

How to map your network with user-defined links in Integrity X

Automate your DDI modernization path by migrating with Micetro

Your journey to intelligent NetOps begins at Cisco Live

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)