Hi team,
I came across this article lately https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/
Would like to know if Hexnode is vulnerable to log4j(CVE-2021-44228).
Hi team,
I came across this article lately https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/
Would like to know if Hexnode is vulnerable to log4j(CVE-2021-44228).
Hello @clauss,
Thanks for contacting us,
Log4j is a Java software library used to log error messages in applications. This week, it was reported that attackers exploited a flaw within this software library.
The CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j 2 where an attacker who takes control over the log messages and log message parameters runs arbitrary code loaded from LDAP servers. Apache Log4j2 versions, including 2.16.1 and higher, are vulnerable to this attack.
Fortunately, Hexnode has not identified any impact of the Log4j vulnerability CVE-2021-44228 because neither our server network nor the applications use this logging package.
Have a look at our official statement on Log4j vulnerability.
Regards,
Catherine George
Don't have an account? Sign up