we try to cover us for above with SVM. We know RedHat is covered in SVM but nothign on Windows OS.
We tried to download their sources but there is only *.jar and non of them have a signed certificate etc.
What are our options to find insecure apps/services on servers or endpoints on MS OS using SVM?
Dec 13, 2021 06:42 AM
The SVM only scans DLL, exe, and ocx files and cant scan and report on .jar files. At this point, we strongly recommend you contact the official product vendor and follow the vendor's official remediation process.
From the SVM perspective, we have issued a couple of advisories covering CVE-2021-44228.
SA105668 Debian update for apache-log4j2
SA105493 VMware Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105503 Cisco Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105528 Debian update for apache-log4j2
SA105630 Apache log4j JNDI Arbitrary Code Execution Vulnerability
Dec 13, 2021 07:46 AM