Are Citavi products affected by the recent vulnerability CVE-2021-44228 (Log4Shell/LogJam/log4j2)?
The initial investigation is complete and QSR has not been impacted by the vulnerability. We are monitoring the situation and will advise if something is identified.
QSR software products (NVivo, Sonia and Citavi) are not impacted by the CVE-2021-44228 vulnerability. The Apache Log4j library is not used with any of these products.
In cases where the Log4j library has been used on any servers, the vulnerability has been mitigated by using a different version or following the advice from the vendor. To date our analysis has not identified compromise of QSR systems.