Mideye Server 4 releases use Log4j 1.x, not the 2.x version that has the vulnerability. The latest Mideye R4 version (4.7.2) has been tested with malicious code insertion, and we have not been able to detect any vulnerability.

Mideye Server 5 releases use Logback per default, which is unrelated to log4j 2.x and does not share its vulnerabilities (http://logback.qos.ch/). In R5.6.3, all Log4j2 dependencies are removed from classpaths. This blocks the possibility to manually modify the installation package and enable Log4j instead of the default logging framework (Logback).

MobileID server (any release) is based on C language code, not Java, and per default Java and Log4j is not installed on MobileID platforms. We have tested MobileID with malicious code inserts that reveal Log4j vulnerabilities, but have not been able to detect any anomalies.

Mideye central and internal systems are undergoing review, so far no vulnerability has been revealed.