PrimeKey has conducted an assessment of the recently-announced CVE for the log4j library CVE-2021-44228. The quick answer is that most of our products are not affected. This includes EJBCA, SignServer, hardware appliances, and software appliances.
EJBCA and SignServer, including the Hardware Appliance and Software Appliance, make use of the application servers logging implementation which is not affected by this vulnerability.
Detailed investigations are still ongoing. For more information, refer to our Support portal.