Log4j Software Component Vulnerabilities SECURITY BULLETIN

December 16, 2021

BACKGROUND

Medtronic is aware of vulnerabilities in the Log4j software component, commonly named “Log4Shell” and is assessing and addressing the issue. Log4j is used broadly across internet services, applications and consumer products.

For more background, please refer to this CISA bulletin
 

Medtronic Response

To date, Medtronic has not seen any exploit of this vulnerability in our corporate IT infrastructure or in any of our products. We are continuing to work with partners and suppliers to mitigate any risks, which will take time.

We will follow our established coordinated disclosure processes if we discover Log4j vulnerabilities that change the risk profile of our products or any substantial risk to customers through these vulnerabilities in our IT infrastructure.