Jan 7, 2021•Knowledge
Summary:
Recently, a critical vulnerability in Log4j was identified and assigned CVE-2021-44228. This vulnerability allows attackers to send and execute code remotely. Additional Log4j vulnerabilities have since been identified: CVE-2017-5645, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.
CVSS:3.0 10.0
Overview and Impact:
CVE-2021-44228 affects the JNDI features of Log4j2 versions 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0.
Upgrading to version 2.17 is the recommended remediation based on CVE-2021-45105.
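To check an application archive against the version ranges stated above, the following added example (not code from this advisory, the vendor, or the Log4j project) reads the Maven `pom.properties` entry of each bundled log4j-core copy, including copies inside nested jars. The function names and the sample archive are assumptions made for illustration.

```python
import io
import re
import zipfile

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
PRE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None marks a final release
# Ranges as stated in this advisory, written as (major, minor, patch, stage, n).
AFFECTED = [((2, 0, 0, 1, 9), (2, 12, 1, 3, 0)),   # 2.0-beta9 through 2.12.1
            ((2, 13, 0, 3, 0), (2, 15, 0, 3, 0))]  # 2.13.0 through 2.15.0
RECOMMENDED = (2, 17, 0, 3, 0)                     # 2.17, the recommended upgrade

def version_key(text):  # '2.0-beta9' -> (2, 0, 0, 1, 9); None if unparseable
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        return None
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch or 0), PRE[tag], int(num or 0))

def classify(version):
    key = version_key(version)
    if key is None:
        return "unknown"
    if any(lo <= key <= hi for lo, hi in AFFECTED):
        return "affected"
    return "recommended" if key >= RECOMMENDED else "outside-stated-range"

def scan_archive(data, name):
    """Yield (path, version, status) for each log4j-core copy in a jar/war/ear."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            if entry == POM:
                m = re.search(r"^version=(\S+)", zf.read(entry).decode("utf-8", "replace"), re.M)
                version = m.group(1) if m else "?"
                yield name, version, classify(version)
            elif entry.lower().endswith((".jar", ".war", ".ear")):
                blob = zf.read(entry)
                if zipfile.is_zipfile(io.BytesIO(blob)):  # skip misnamed files
                    yield from scan_archive(blob, f"{name}!/{entry}")

def sample_app_jar(version="2.14.1"):
    """Constructed sample input: an app jar bundling log4j-core under BOOT-INF/lib."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(POM, f"version={version}\n")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr(f"BOOT-INF/lib/log4j-core-{version}.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(list(scan_archive(sample_app_jar(), "app.jar")))
```

A copy whose Maven metadata was stripped or relocated during repackaging is not detected by this check, so an empty result does not by itself show that Log4j is absent.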
Confirmed Not Impacted
- NIOS 8.4.x, 8.5.x, 8.6.x
- Current FIPS and Common Criteria releases are also not impacted
- BloxOne Products
  - BloxOneDDI
  - BloxOne Threat Defense
Affected
- Patches for the following NetMRI versions have been released:
  - V7.3.X-NETMRI-34930
  - V7.4.X-NETMRI-34930
  - V7.5.X-NETMRI-34930
Workaround:
- Apply the NetMRI hotfix if the AutoUpdate feature is not enabled.
Resolution:
No action is required for NIOS or BloxOne products identified above.