Parallels is aware of the security vulnerability CVE-2021-44228 affecting Apache Log4j2 which, if exploited, allows an attacker who is able to control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
Security vulnerability description: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Please be advised that Parallels products are not affected by CVE-2021-44228 (Log4Shell) since it doesn't use the Log4j library.
Parallels did investigate the potential impact on Parallels products. Please find the present status of every product below:
|Parallels RAS||Not affected|
|Parallels Desktop||Not affected|
|Parallels Access||Not affected (all platforms)|
|Parallels Toolbox||Not affected (all platforms)|
|Parallels Device Management||Not affected|
|Parallels Client||Not affected (all platforms)|
|Parallels Transporter||Not affected (all platforms)|