Our platform yarn_man, which hosts test_mate, yarn_gate and wranger_, predominantly uses Node.js, with JavaScript as the programming language, and is not affected because it does not use the Java logging library log4j. There is a small Java module, jade-berlin, that provides the interface to JTAPI and is part of yarn_man, but it does not use the log4j logging library.
We have done a detailed review of the third-party dependencies and none are reported to be affected by CVE-2021-45046 and CVE-2021-44228. There is a potential indirect dependency on the Cisco jtapi.jar Java library that test_mate uses for JTAPI connectivity. The jtapi.jar uses log4j, although the attack surface is minimal, as exploitation would require authenticated user-level access to test_mate and manipulation of the JTAPI connection string used on the CUCM interface.
Once Cisco releases the fix for CUCM, the jtapi.jar can be easily updated via the yarn_man administration portal. Note that this jar is shipped by Cisco based on the specific version of CUCM.