Reminder: Apache Log4j vulnerabilities
As Developers, you are aware of the Apache Log4j vulnerabilities published in December 2021, including but not limited to (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228). This notice is to remind all Selling Partner API developers to ensure that all systems containing Amazon data are protected from the recently disclosed Log4j vulnerabilities.
Which marketplaces are affected?
This affects all marketplaces supported by Amazon Services API (including MWS).
Who is affected?
All Amazon Services API (includes MWS) Developers.
What action is required?
Ensure that all systems containing Amazon data are protected from the recently disclosed Apache Log4j vulnerabilities published in December 2021, including but not limited to (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228). It is a violation of the Amazon Services API Data Protection Policy to not ensure customer data is protected from known vulnerabilities. Breaches of this policy can result in the loss of Developer SP-API access.
Best regards,
The Selling Partner API team