Uwe Wirtz asked a question.
How to locate affected log4j with Risk Monitor? (CVE-2021-44228, Log4Shell)
Is there a way to find potential risks of CVE-2021-44228 (Log4Shell) in Risk Monitor?
I didn't find CVE-2021-44228 in the vulnerability explorer (yet).
BR, Uwe
Hi Uwe, in NIST CVE-2021-44228 is currently under analysis. As soon as it is updated, this will be reflected in Risk Monitor as well.
Best, Geoffrey
Hi Uwe, hi Geoff,
Unfortunately today Tuesday morning (after 4 days) this CVE-2021-44228 also for us still is not available in Risk Monitor.
In NIST database the status is now set to Modified.
Does anybody know, when Risk Monitor syncs with NIST ?
NVD - CVE-2021-44228 (nist.gov)
Hi all I wanted to share that there has been a new post on the New & Updates group: https://community.flexera.com/s/feed/0D5690000B5879cCQA
Also that we have put together some guidelines and insights about how Snow can help with finding potential installations affected by CVE-2021-44228. As we learn more we will be sure to update and improve the advice we've given here: https://community.flexera.com/s/article/How-Snow-can-help-with-CVE-2021-44228
I thought that this idea might be useful for future investigations perhaps. It might be helpful to have the option to use Snow to look for a suspicious file hash.