A new Flexera Community experience is coming on November 25th. Click here for more information.
Recently, a vulnerability within Apache Log4j caught widespread public attention and has security, operational and development teams alike scrambling for analyzing the impact within their own ecosystem and to apply mitigations if necessary. The wide use of Log4j and the ease of the exploitation of the vulnerability makes this vulnerability very suitable for quick and effective use within exploitation campaigns. Shortly after publication of the vulnerability Proof of Concepts (PoCs) and reports of exploitation began to arrive. For more details on this vulnerability and how it works, please see “Vulnerability Details” at the end of this article.
This article is intended to help explain how Flexera security products can help you identify and remediate this vulnerability. For the status of impacted Flexera products, please see this announcement.
Various teams across different Flexera solutions have been working overtime to ensure that our customers get immediate visibility on the impact of this and other vulnerabilities.
Alerts will be generated based on configured watch lists and configured notification settings.
SVR customers can expect to see:
Vulnerable products can be detected via file signatures which provide a definitive, actionable status. Where available, security updates may be published to remediate vulnerable instances detected in your environment.
SVM customers can expect to see:
This vulnerability will be the cause of many software vulnerability disclosures, but each application including and exposing it will typically issue its own disclosure. Our Secunia Research team will continually monitor for such and will create a file signature for SVM to detect and assess specific versions as vulnerable as appropriate.
AdminStudio recently added a new Windows Risk Assessment test rule to detect the presence of log4j files in your deployment packages. See details here.
AdminStudio customers can expect to see:
Affected products may be detected in your inventory to provide a directional assessment. This can help you determine where to look closer, but a definitive vulnerability status may not be possible due to a lack of version granularity depending upon the application in question.
Data Platform customers can expect to see:
IT Visibility customers can expect to see any detected installations of impacted Apache log4j products and/or releases in their inventory, providing the evidence already exists in our recognition library (note that any net new evidence may still need to go through the gap-fill process). Similar to Data Platform (as both solutions are powered by Technopedia), the detection of the impacted products in your inventory will provide a directional assessment as the version granularity may not correspond directly to the vulnerability and its variants.
The capability to show the vulnerability information, however, is not currently available in IT Visibility. This is something that we’re actively working on to make available in the first half of 2022.
Similar to IT Visibility, FNMS and ITAM customers can also expect to see Apache log4j applications which are potentially impacted by this attack. Given the fact that applications granularity in the ARL library is captured only at the major.minor version, further investigation may be needed to identify the subset of installations in their inventory with the exact build and/or patch levels.
-
For details on the Log4j vulnerability please see Apache Log4j "Log4Shell" and Beyond