HomeDocumentationCode SamplesAnnouncementsModelsRelease NotesFAQVideos
Developer HubAPI StatusSupport
Announcements
Developer HubAPI StatusSupport
Back to All

Reminder: Apache Log4j vulnerabilities

February 10th, 2022 by AliH_Amazon

As Developers, you are aware of the Apache Log4j vulnerabilities published in December 2021, including but not limited to (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228). This notice is to remind all Selling Partner API developers to ensure that all systems containing Amazon data are protected from the recently disclosed Log4j vulnerabilities.

Which marketplaces are affected?

This affects all marketplaces supported by Amazon Services API (including MWS).

Who is affected?

All Amazon Services API (includes MWS) Developers.

What action is required?

Ensure that all systems containing Amazon data are protected from the recently disclosed Apache Log4j vulnerabilities published in December 2021, including but not limited to (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228). It is a violation of the Amazon Services API Data Protection Policy to not ensure customer data is protected from known vulnerabilities. Breaches of this policy can result in the loss of Developer SP-API access.

Best regards,

The Selling Partner API team