- Flexera Community
- Software Vulnerability Management
- Software Vulnerability Management Release Blog
- SVM December Update for Log4j Detection
SVM December Update for Log4j Detection
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
- Report Inappropriate Content
Being aware of vulnerable software in your environment and being able to patch them to be on a secure version has become extremely critical after the exposure of the recent Apache’s Log4j vulnerability. We understand this importance and have been on top of this global issue right from the moment of its disclosure to design a solution in SVM to help you with the awareness of the presence of this extremely critical vulnerability in their environment. Today’s release of SVM adds enhancement to the host agent and the scanning logic to detect log4j files.
The SVM's Single Host Agent (v126.96.36.199) can now detect the log4j jar files installed on a host machine. The scan type must be set to either 2 or 3 for the agent to detect log4j jar files. SVM will identify the version of the detected log4j file and categorize it as Secure, Insecure and EOL, to make you aware of vulnerable log4j versions in your environment. It is important to note that only the log4j-core*.jar files are found to be vulnerable, therefore SVM detects only these files during the scan.
The log4j component may have been installed as a part of any software on a machine, however, when it is detected, SVM will associate it with the product Apache Log4j in the Scan Result view for a host. There will be a need to manually review the path of the log4j file in the scan results to identify the actual product which installed this file on the host. You must follow up with the vendor of the product to either get a patched version or follow the recommendation from the vendor to fix this vulnerable file in the product.
Secunia Advisories are authored for these vulnerabilities to give you insights about this vulnerability with details on impacted versions of log4j.
You may take advantage of Smart Groups to configure a new smart group to get a list of all the log4j versions installed across various hosts in your environment, to help you prioritize and focus on these products/hosts immediately. Under the Product Smart Groups, use the criteria as shown in the below screenshots to get the list of log4j versions in your environment:
Smart Group results:
At this point, our goal was to give a quick solution to help you detect log4j vulnerable files in your environment for your immediate attention. We will continue monitoring updates on this vulnerability and add enhancements to this solution as and when applicable.
For the status of impacted Flexera products, please see this announcement.
Thank you fore this information. I run SVM on prem, CSIA version 188.8.131.52 and I see neither the advisories nor any log4j detections. What is the SVM Host Agent? Is that the same as the corporate software inspection agent we deploy? If so, why is the version you mention less than what I already have? What do I need to do in order to gain this valuable visibility into my env?
The number after the second decimal point in the version number represents if the agent belongs to SVM cloud or on-prem. 0 represents SVM cloud agent and 1 represents SVM on-prem agent. The new version agent (v184.108.40.206) released today is for SVM cloud. An updated version of the agent for SVM on-prem with log4j detection capability will be released very soon.
Very nice. Thank you.
I applied the December 2021 R4 update last week and I now have visibility into log4j 1.x and 2.x. Thank you.
Good to know, thanks for the update @rboden.
We have agent 220.127.116.11 with SVM cloud - should we be able to see log4j advisories and detections?
Hi, you need 18.104.22.168 client for it to enable the log4j scans. The cloud update is done but agent need update to turn it on.
Thanks for confirming., now getting agents updates.
Another question which I'd be grateful for advice on.
If I go to All Advisories and search for SA105360 / SA105605 nothing is displayed. Will the advisories only be displayed if relevant products are found in scans or is there something else I need to do?
Evening, advisory and products in cloud instance will update on 22.214.171.124 agents scanning finding an log4j install and 1.x as EOL and 2.17.x or lower as secure or insecure.
Thanks for confirming. will this work the same for Red Hat Linux and Mac agents?
We only deploy all Redhat this Friday the new agent. The 126.96.36.199 was able to find already log4j1.2. We will only see if more comes in after 188.8.131.52 went out.
Mac, we not really use and only limited scope.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.