Some users may experience issues accessing the case portal. For more information, please click here.

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Shoggi
Level 5
‎Dec 13, 2021 06:42 AM

Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Dear team,

we try to cover us for above with SVM. We know RedHat is covered in SVM but nothign on Windows OS.

We tried to download their sources but there is only *.jar and non of them have a signed certificate etc.

What are our options to find insecure apps/services on servers or endpoints on MS OS using SVM?

Lukas

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.
1 Reply
raslam
Level 7 Flexeran
Level 7 Flexeran
‎Dec 13, 2021 07:46 AM

Lucas, 

The SVM only scans DLL, exe, and ocx files and cant scan and report on .jar files. At this point, we strongly recommend you contact the official product vendor and follow the vendor's official remediation process. 

From the SVM perspective, we have issued a couple of advisories covering CVE-2021-44228. 

For example 

SA105668 Debian update for apache-log4j2
SA105493 VMware Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105503 Cisco Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105528 Debian update for apache-log4j2
SA105630 Apache log4j JNDI Arbitrary Code Execution Vulnerability