This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Advisory: Log4j Java Vulnerability (CVE-2021-44228)

Shoggi
By
Level 5

Dear team,

we try to cover us for above with SVM. We know RedHat is covered in SVM but nothign on Windows OS.

We tried to download their sources but there is only *.jar and non of them have a signed certificate etc.

What are our options to find insecure apps/services on servers or endpoints on MS OS using SVM?

Lukas

‎Dec 13, 2021 06:42 AM

(1) Reply

raslam
By Level 7 Flexeran
Level 7 Flexeran

Lucas, 

The SVM only scans DLL, exe, and ocx files and cant scan and report on .jar files. At this point, we strongly recommend you contact the official product vendor and follow the vendor's official remediation process. 

From the SVM perspective, we have issued a couple of advisories covering CVE-2021-44228. 

For example 

SA105668 Debian update for apache-log4j2
SA105493 VMware Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105503 Cisco Multiple Products Apache log4j JNDI Arbitrary Code Execution Vulnerability
SA105528 Debian update for apache-log4j2
SA105630 Apache log4j JNDI Arbitrary Code Execution Vulnerability

‎Dec 13, 2021 07:46 AM

Top Kudoed Authors
View all