Identifying Apache Log4j JNDI Vulnerability “Log4Shell” and Variants (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104) with SVM

bkelly


Recently, a vulnerability in Apache Log4j caught widespread public attention and has security, operational, and development teams alike scrambling to analyze the impact within their own ecosystems and to apply mitigations where necessary. The wide use of Log4j and the ease of exploitation make this vulnerability well suited to quick and effective use in exploitation campaigns. Shortly after the vulnerability was published, proofs of concept (PoCs) and reports of exploitation began to arrive. For more details on this vulnerability and how it works, please see “Vulnerability Details” at the end of this article.

This article explains how Flexera security products can help you identify and remediate this vulnerability. For the status of impacted Flexera products, please see this announcement.

Software Vulnerability Research (SVR)

Alerts will be generated based on configured watch lists and configured notification settings.

SVR customers can expect to see:

  • Up-to-date Secunia Advisories (SA105630, SA105605, SA105601) and further third-party product-related Secunia Advisories which contain detailed information on the vulnerability and its variants, including the solutions/patches and available CPEs
  • CVEs associated with the vulnerability and its variants as published by a trusted source (for example, the vendor Apache or MITRE)
  • Threat intelligence information associated with the vulnerability and its variants (if entitled to our Threat Intel module)

 

Software Vulnerability Manager (SVM)

Vulnerable products can be detected via file signatures which provide a definitive, actionable status. Where available, security updates may be published to remediate vulnerable instances detected in your environment.

SVM customers can expect to see:

  • Impacted software product versions being detected in their inventory
    • NEW: SVM's Single Host Agent (v7.6.0.19) can now detect the log4j-core*.jar files installed on a host machine. See details here.
    • We are actively working, and will continue to work, to obtain more vulnerable product versions in order to create file signatures. If you are aware of a software version that is impacted but not yet detected, please submit it via the normal software suggestion process to help us get the details necessary to create a file signature.
  • CVEs associated with the vulnerability and its variants as published by a trusted source (for example, the vendor Apache or MITRE)
  • Threat intelligence information associated with the vulnerability and its variants (if entitled to our Threat Intel module)
  • Patches you can publish to remediate this vulnerability and its variants for covered products as they are released by their respective vendors.

This vulnerability will be the cause of many software vulnerability disclosures, but each application including and exposing it will typically issue its own disclosure. Our Secunia Research team will continually monitor for such disclosures and will create file signatures for SVM to detect and assess specific versions as vulnerable, as appropriate.

For details on the Log4j vulnerability, please see Apache Log4j "Log4Shell" and Beyond.

How Other Flexera Solutions Can Help

To see how other Flexera solutions can help customers get immediate visibility on the impact of this and other vulnerabilities, please go to this main article on the Community Hub where you can find the complete detail across all Flexera solutions.
