Apache Log4j2 (Log4Shell) RCE Vulnerability – CVE-2021-44228
- Accops
- December 12, 2021
- 6:57 pm
On Dec 9th, a zero-day exploit in an open-source library named “Log4j” was made public. This library is very popular for creating logs by Java applications.
The vulnerability is labelled as Log4Shell (CVE-2021-44228: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and results in remote code execution (RCE) and is assigned highest CVE severity level of 10. The vulnerability impacts Apache Log4j2 versions 2.0 to 2.14.1.
The vulnerability can be exploited very easily if a user can connect to a Java based application and user can send a specially crafted string to the application over any protocol including TCP, HTTP or HTTPS.
It is particularly difficult to detect the presence of the library because it can be used in a source code form in any Java-based application and so simple software BOM generation tools may not be effective.
This announcement summarizes any potential impacts to Accops products and related announcements for mitigations of the issue.
Accops engineering and security team continue to actively work on identifying Accops’ and open-source modules included as part of Accops products which uses the log4j library for logging.
Accops has concluded that following products (all versions) do not use log4j library and are NOT vulnerable:
1. HySecure
2. HyWorks
3. HyDesk
4. HyID
5. BioAuth
6. Nano
7. HyLabs
Following modules uses Java and analysis shows that the module is not vulnerable to RCE.
1. Accops Reporting Server based on ELK stack
Accops Reporting server is an internal service and is based on ELK stack and is built using Java.
Elasticsearch contains the vulnerable class which can lead to information leakage. (Apache Log4j2 Remote Code Execution (RCE) Vulnerability – CVE-2021-44228 – ESA-2021-31 – Announcements / Security Announcements – Discuss the Elastic Stack).
After a detailed analysis, our engineering team has released a patch to fix the issue.Kindly download patch by clicking below link :
https://downloads.accops.com/public/Log4j+Mitigation/ARS_Log4j_Mitigation.zip
Share With:
You may also like
Improve Performance With An Efficient Digital Workspace
As technological innovation accelerates, new expectations are imposed on organizations that want to remain competitive in an expanding economy. In 2018, 90 percent of the
Desktop Virtualization Trends In 2022
As we’re at the peak of the digital era, there’s no doubt that cloud-native technologies will continue to play a large role in the workspace,
Why Cybersecurity Is More Than Just An ‘IT Issue’
What comes to mind when you think about cybersecurity? For many, the first thing that comes to mind is the IT department. While cybersecurity challenges
