Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)
we try to cover us for above with SVM. We know RedHat is covered in SVM but nothign on Windows OS.
We tried to download their sources but there is only *.jar and non of them have a signed certificate etc.
What are our options to find insecure apps/services on servers or endpoints on MS OS using SVM?
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
The SVM only scans DLL, exe, and ocx files and cant scan and report on .jar files. At this point, we strongly recommend you contact the official product vendor and follow the vendor's official remediation process.
From the SVM perspective, we have issued a couple of advisories covering CVE-2021-44228.
SA105668 Debian update for apache-log4j2
SA105493 VMware Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105503 Cisco Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105528 Debian update for apache-log4j2
SA105630 Apache log4j JNDI Arbitrary Code Execution Vulnerability