Recently, a vulnerability in Apache Log4j caught widespread public attention and has security, operations, and development teams alike scrambling to analyze the impact within their own ecosystems and to apply mitigations where necessary. The wide use of Log4j and the ease of exploiting the vulnerability make it very suitable for quick and effective use in exploitation campaigns. Shortly after the vulnerability was published, proofs of concept (PoCs) and reports of exploitation began to arrive. For more details on this vulnerability and how it works, please see “Vulnerability Details” at the end of this article.
This article is intended to help explain how Flexera security products can help you identify and remediate this vulnerability. For the status of impacted Flexera products, please see this announcement.
Alerts will be generated based on configured watch lists and configured notification settings.
SVR customers can expect to see:
Vulnerable products can be detected via file signatures which provide a definitive, actionable status. Where available, security updates may be published to remediate vulnerable instances detected in your environment.
SVM customers can expect to see:
This vulnerability will be the cause of many software vulnerability disclosures, but each application that includes and exposes it will typically issue its own disclosure. Our Secunia Research team will continually monitor for such disclosures and will create a file signature for SVM to detect and assess specific versions as vulnerable, as appropriate.
For details on the Log4j vulnerability, please see Apache Log4j "Log4Shell" and Beyond.
To see how other Flexera solutions can help customers get immediate visibility into the impact of this and other vulnerabilities, please go to this main article on the Community Hub, where you can find complete details across all Flexera solutions.