Log4j vulnerability (last update: 17-12)

The world has been shaken up by a serious leak in an open source product from the Apache Foundation. The component in question is called Log4j. The leak makes many systems worldwide vulnerable to abuse by cybercriminals. The problem with Log4j is that it is integrated into a lot of software. This makes analysis and resolution complex.

Here we provide an overview of our products and vendors, to what extent they have been affected by the leak and what solution they propose. In many cases a solution or workaround is available.

Of course we can support you in resolving the vulnerability and implementing this solution. If you want our support, you can use the usual support channels, but we would advise you to give us a call. If desired, we can go through the manufacturer's proposed solution for each product with you.

General

The vulnerability was published on December 9, 2021 and is formally called "CVE-2021-44228 vulnerability". The vulnerability is in versions lower than 2.15.0 of Apache Log4j (2.14.1 and lower). The vulnerability is also referred to as Log4Shell or LogJam.

A word of caution when troubleshooting the issue: follow the manufacturer's or Apache Foundation's instructions. Downloading and implementing solution found elsewhere may not solve the problems and may even lead to greater damage.

References:

Log4j – Apache Log4j Security Vulnerabilities

CVE - CVE-2021-44228 (mitre.org)

Updates

2021-12-15: A second vulnerability has been found in the same components. This one is known by attribute CVE-2021-45046. It is a result of an incomplete fix of the initial vulnerability.

2021-12-17: Updates from ManageEngine. Links are updated to most recent info.

2021-12-20: Apache releases a third patch (Log4j 2.17.0) in order to fix the vulnerability.

Kaspersky

NONE of Kaspersky's products contain this vulnerability

Referentie: CVE-2021-44228 vulnerability in Apache Log4j library | Securelist

KnowBe4

KnowBe4 indicates that it does not use the Log4j components.

Thales

Some versions of Sentinel product line may contain the vulnerability. On this page, Thales provides an update on the status.

Reference: Knowledge Article View - Thales Customer Support (thalesgroup.com)

Fortinet

A few of Fortinet's products contain the mentioned vulnerability. On the site of Fortinet there is an overview (link).

Reference: CVE-2021-44228 — Apache Log4j Vulnerability | Fortinet

Forcepoint

Some of Forcepoint's products use the Log4j components and are therefore potentially vulnerable.

All of Forcepoint's products not listed are safe because they do not use Java or a safe version of Log4j.

Forcepoint recommends performing the suggested remedial actions as soon as possible.

Forcepoint DLP

Forcepoint DLP uses Log4j and needs to be repaired.

CVE-2021-44228 Java log4j vulnerability mitigation with Forcepoint DLP

Forcepoint Security Manager (Web, email en DLP)

CVE-2021-44228 Java log4j vulnerability mitigation with Forcepoint Security Manager

ManageEngine

ManageEngine indicates that their products do not directly use Log4j for logging. However, a number of ME products do use additional third-party components that may use Log4j and thus introduce a vulnerability.

The ManageEngine products that may contain Log4j are:

Product name	Jar version in bundled dependency
ADManager Plus	V2.11.1
ADAudit Plus	V2.10.0
DataSecurity Plus	V2.10.0
EventLog Analyzer	V2.9.1
M365 Manager Plus	V2.11.1
RecoveryManager Plus	V2.11.1
Exchange Reporter Plus	V2.11.1
Log360	V2.9.1
Log360 UEBA	V2.11.1
Cloud Security Plus	V2.9.1
M365 Security Plus	V2.11.1
Analytics Plus	V2.7

ME products not listed above do NOT contain the vulnerability.

For each product, which may use the Log4j component through third parties, ME provides a solution.

ADAudit Plus

Steps to protect ADAudit Plus from Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-44228) (manageengine.com)

ADManager Plus

Update 2 about Apache Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-44228): Steps to protect ADManager Plus (manageengine.com)

Analytics Plus

Update on the recent Apache Log4j2 vulnerabilities - Impact on ManageEngine Analytics Plus

Cloud Security Plus

Steps to protect Cloud Security Plus from Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-44228) (manageengine.com)

DataSecurity Plus

Vulnerability news update - Data Security Plus (manageengine.com)

EventLog Analyzer

Fixing Log4j CVE-2021-44228 Vulnerability In EventLog Analyzer (manageengine.com)

Exchange Reporter Plus

Precautionary steps to take against Log4j vulnerability (manageengine.com)

Log360

Steps to protect Log360 from Log4j Vulnerabilities (manageengine.com)

Log360 UEBA

Precautionary steps to protect Log360 UEBA from Log4j vulnerabilities CVE-2021-45046 and CVE-2021-44228 (manageengine.com)

M365 Manager Plus

[Update] Precautionary steps to protect M365 Manager Plus from Log4j vulnerability (CVE-2021-44228 and CVE-2021-45046) (manageengine.com)

M365 Security Plus

[Update] Precautionary steps to protect M365 Security Plus from Log4j vulnerability (CVE-2021-44228 and CVE-2021-45046) (manageengine.com)

RecoveryManager Plus

[Update] Precautionary steps to protect RecoveryManager Plus from Log4j vulnerabilities (CVE-2021-44228) and (CVE-2021-45046) (manageengine.com)

Reference: Update on the recent Apache Log4j2 vulnerability - Impact on ManageEngine on-premises products

CBABenelux

CBABenelux, the One Stop IT tooling & IT Security service partner, is located in Amsterdam Sloterdijk. As a distributor, since 1999, specialized in IT tools for IT management and IT security. CBABenelux has 12 senior IT employees, with in-depth knowledge of all products supplied. We have partnerships with Fortinet, Forcepoint, Kaspersky, ManageEngine and Thales.

CBABenelux can help you implement a fix. Please contact us for more information: Contactform | CBABenelux

AlarmsOne

Analytics Plus Cloud

Cloud Security Plus

CloudSpend

Endpoint Central - Cloud

Endpoint Central MSP Cloud

Forcepoint Cloud Access Security Broker

Forcepoint Email Security

Forcepoint Secure Web Gateway

Identity Manager Plus Standard Edition - Cloud

Identity360 - Cloud

Kaspersky Endpoint Security Cloud

Kaspersky Endpoint Security for Business

Kaspersky Hybrid Cloud Security

Knowbe4 Security Awareness

Log360 Cloud

M365 Manager Plus

Mobile Device Manager Plus

Patch Manager Plus Cloud

Remote Access Plus - Cloud

Servicedesk Plus Cloud

Site24x7

Thales Safenet Trusted Access

AD360

Application Control Plus

AssetExplorer

Browser Security Plus

Device Control Plus

Endpoint Central

Endpoint Central - Cloud

Endpoint DLP Plus

Installation and Support services

Mobile Device Manager Plus

Mobile Device Manager Plus

Network Configuration Manager

OS Deployer

Patch Connect Plus

Patch Manager Plus

Patch Manager Plus Cloud

RecoveryManager Plus

Remote Access Plus

ServiceDesk Plus IT Helpdesk

Services

AD360

ADAudit Plus

ADManager Plus

ADManager Plus MSP

ADSelfService Plus

DataSecurity Plus Professional

Exchange Reporter Plus

FileAudit

Installation and Support services

M365 Manager Plus

RecoveryManager Plus

Services

Sharepoint Manager Plus

AD360

AlarmsOne

Analytics Plus

Analytics Plus Cloud

Application Control Plus

Applications Manager

Darktrace

EventLog Analyzer

Exchange Reporter Plus

Firewall Analyzer

Installation and Support services

NetFlow Analyzer

Network Configuration Manager

OpManager

OpUtils

Services

Site24x7

Zoho Analytics Professional

ADAudit Plus

Access Manager Plus

Browser Security Plus

Cloud Security Plus

Darktrace

Darktrace Antigena