Summary:

Recently, a critical vulnerability related to Log4j was identified under CVE-2021-44228. This vulnerability allows attackers to send and execute code remotely. Additional Log4j vulnerabilities have since been identified: CVE-2017-5645, CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832.

CVSS:3.0 10.0

Overview and Impact:

CVE-2021-44228 is the designation for this vulnerability and affects Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features. 

Upgrading to version 2.17 is the recommended remediation based on CVE-2021-45105.

Confirmed Not Impacted 

• NIOS 8.4.x, 8.5.x, 8.6.x
• Additionally, current FIPS and Common Criteria releases are also not impacted
• BloxOne Products
• BloxOneDDI
• BloxOne Threat Defense

Affected

• Patches for the following NetMRI versions have been released:
  • V7.3.X-NETMRI-34930
  • V7.4.X-NETMRI-34930
  • V7.5.X-NETMRI-34930

Workaround: 

• Apply NetMRI hotfix, if AutoUpdate feature is not enabled.

Resolution: 

No action is required for NIOS or BloxOne products identified above.