We are using IaaS and have 27 servers hosting
        my custom application
        
        this application is written in Java and uses a number
        of 3rd party frameworks
        
        we have a lot of Logging using Apache Log4J
        
        I am the security officer for the organization
        I am responsible of avoiding headlines in the Wall Street Journal
        
        I read about a  vulnerability in Log4J
        
        Question: Are we using the version w/ the problem?
        
        do I have a list of 3rd party frameworks?
        does this list show the version?
        does this list show the appl using this framework?