We are aware of the recently disclosed RCE (Remote Code Execution) vulnerability in the Log4j2 library CVE-2021-44228 (also called Log4Shell).
We reviewed our products and libraries used and we determined our products are not affected by this vulnerability, see details below:
Inphinity Forms
Inphinity Forms are not using any version of Log4j library and thus are not affected by CVE-2021-44228.
Inphinity Flow
Inphinity Flow is a front-end extension, does not use Java at all, does not use the Log4j library thus is not affected by Log4Shell.
Inphinity Mole
Inphinity Mole UDC is using Log4j v.1.2.17 that is not affected by CVE-2021-44228. This version does not contain the exploitable JndiLookup class present in versions from 2.0 to 2.14.1. Currently, there is no knowledge of RCE exploits against Log4j v1.2 log message substitution similar to Log4j2.
Another vulnerability (CVE-2019-17571) was found to be present in the library version used, but the affected component (SocketServer class) is not used in the product and the product is not affected by CVE-2019-17571.
Qlik Sense
Regarding Qlik Sense and related products, you can find information here.