{"id":15890,"date":"2021-12-21T16:35:49","date_gmt":"2021-12-21T11:05:49","guid":{"rendered":"https:\/\/www.hexnode.com\/blogs\/?p=15890"},"modified":"2022-08-22T09:30:42","modified_gmt":"2022-08-22T04:00:42","slug":"log4j-vulnerability-hexnode-is-not-affected","status":"publish","type":"post","link":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/","title":{"rendered":"Log4j vulnerability \u2013 Hexnode is not affected"},"content":{"rendered":"<h2>The Log4j makes an appearance<\/h2>\n<p>A recent zero-day vulnerability impacting the <a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/index.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Apache Log4j library<\/a> was made public on December 9, 2021, and assigned the tag, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-44228<\/a>, scoring 10 of 10 on the Common Vulnerability Scoring System (CVSS).<\/p>\n<blockquote><p><strong>The team at Hexnode is aware of this exploit. Nonetheless, we would like to assure our customers that none of our products, services, websites, and internal or third-party infrastructure uses the Apache Log4j module for logging purposes, and hence, are not affected by this vulnerability.<\/strong><\/p><\/blockquote>\n<p>We will continue to track updates around this vulnerability and will offer more information as they become available.<\/p>\n    \t\t<div class=\"hts-messages hts-messages--alert  hts-messages--withtitle  \"   >\r\n    \t\t\t<span class=\"hts-messages__title\"><\/p>\n<h3>What is the Log4j vulnerability?<\/h3>\n<p><\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\tLog4j is a popular Apache library used for logging errors and events in Java-based applications. It enables developers to view system activity logs and keep an eye out for any problems. However, with the recent vulnerability, it has been discovered that an attacker can insert a JNDI lookup which, when logged, can perform remote code execution. This in turn enables the attacker to break into the system, steal passwords and logins, and install malicious software.<br \/>\nAccording to <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2021-44228<\/a>,<\/p>\n<blockquote><p><strong>An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.<\/strong><\/p><\/blockquote>\n<h4>Who are at risk?<\/h4>\n<p>Any Java-based software that uses the Log4j library, and runs Apache Log4j versions 2.0 to 2.14.1, are affected by these vulnerabilities. According to <a href=\"https:\/\/deps.dev\/advisory\/GHSA\/GHSA-jfh8-c2jp-5v3q\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Google&#8217;s Open Source Insights<\/a>, more than 35,000 Java packages, amounting to over 8% of the <a href=\"https:\/\/www.maven.org\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Maven Central repository<\/a> (The most significant Java package repository), have been impacted by log4j vulnerabilities.<\/p>\n<h4>How can you protect yourself?<\/h4>\n<ul>\n<li>Identify systems running the Apache Log4j library and patch them to the latest version (Versions 2.17.0, 2.16.0, and 2.15.0 have been patched or are currently unaffected by this vulnerability).<\/li>\n<li>Install updates and security patches provided by your tools and third-party vendors.<\/li>\n<li>Set your web application firewall to block Log4j library modules.<\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<h2>Log4j vulnerability overview \u2013 Hexnode is not affected<\/h2>\n<p>Following the Log4j exploit, Hexnode conducted a comprehensive <b>security impact assessment<\/b> to identify any potential vulnerabilities that may have arisen. The following are the results from the assessment.<\/p>\n<ul>\n<li>The <strong><a href=\"https:\/\/www.hexnode.com\/mobile-device-management\/unified-endpoint-management\/?utm_source=log4j&amp;utm_medium=referral&amp;utm_campaign=internal_link\" target=\"_blank\" rel=\"noopener\">Hexnode UEM cloud platform<\/a><\/strong> does not run on Java or use the Log4j library and is unaffected by this vulnerability.<\/li>\n<li>Similarly, our <strong>internal infrastructure<\/strong> does not run on Java or uses the Log4j library and is thus unaffected.<\/li>\n<li>All of our <strong>third-party tools and services<\/strong> that use Java have been thoroughly inspected and confirmed, and are found to be unaffected by these vulnerabilities.<\/li>\n<\/ul>\n<h2>We\u2019re here for you<\/h2>\n<p>In the wake of this vulnerability, we understand that many of our customers and partners are concerned about Log4j\u2019s potential threats to data security. You can rest assured, Hexnode is unaffected, and we do not anticipate any downtime.<\/p>\n<p>As part of our standard operating procedure, we will continue to monitor the situation including third party services we use. If you have additional questions, you can always reach out to mdm-support@hexnode.com.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recent zero-day vulnerability impacting the Apache Log4j library (CVE-2021-44228) was made public on December 9, 2021. Following the news of this exploit, Hexnode conducted a comprehensive security impact assessment to identify any potential vulnerabilities that may have arisen. Here are the results from the assessment.<\/p>\n","protected":false},"author":4,"featured_media":15917,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4888],"tags":[5024],"class_list":["post-15890","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcements","tag-cyber-threats","tab_group-inside-hexnode"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Log4j vulnerability \u2013 Hexnode is not affected<\/title>\n<meta name=\"description\" content=\"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Log4j vulnerability \u2013 Hexnode is not affected\" \/>\n<meta property=\"og:description\" content=\"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/\" \/>\n<meta property=\"og:site_name\" content=\"Hexnode Blogs\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-21T11:05:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-22T04:00:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/22173129\/Log4j-vulnerability-Hexnode-is-not-affected.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"688\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Apu Pavithran\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Apu Pavithran\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/\",\"url\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/\",\"name\":\"Log4j vulnerability \u2013 Hexnode is not affected\",\"isPartOf\":{\"@id\":\"https:\/\/www.hexnode.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp\",\"datePublished\":\"2021-12-21T11:05:49+00:00\",\"dateModified\":\"2022-08-22T04:00:42+00:00\",\"author\":{\"@id\":\"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/b8bb7559a8371e90b8fe8008d3a3ae3d\"},\"description\":\"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage\",\"url\":\"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp\",\"contentUrl\":\"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp\",\"width\":1280,\"height\":688,\"caption\":\"Log4j vulnerability - Hexnode is not affected\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.hexnode.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Log4j vulnerability \u2013 Hexnode is not affected\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/#website\",\"url\":\"https:\/\/www.hexnode.com\/blogs\/\",\"name\":\"Hexnode Blogs\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.hexnode.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/b8bb7559a8371e90b8fe8008d3a3ae3d\",\"name\":\"Apu Pavithran\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7c41da2eaa38427029218fe628ceacbca31697ee08bbbfe982a102339a76debe?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7c41da2eaa38427029218fe628ceacbca31697ee08bbbfe982a102339a76debe?s=96&d=mm&r=g\",\"caption\":\"Apu Pavithran\"},\"description\":\"Founder and Chief Executive Officer\",\"url\":\"https:\/\/www.hexnode.com\/blogs\/author\/apupavithran\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Log4j vulnerability \u2013 Hexnode is not affected","description":"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/","og_locale":"en_US","og_type":"article","og_title":"Log4j vulnerability \u2013 Hexnode is not affected","og_description":"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.","og_url":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/","og_site_name":"Hexnode Blogs","article_published_time":"2021-12-21T11:05:49+00:00","article_modified_time":"2022-08-22T04:00:42+00:00","og_image":[{"width":1280,"height":688,"url":"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/22173129\/Log4j-vulnerability-Hexnode-is-not-affected.png","type":"image\/png"}],"author":"Apu Pavithran","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Apu Pavithran","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/","url":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/","name":"Log4j vulnerability \u2013 Hexnode is not affected","isPartOf":{"@id":"https:\/\/www.hexnode.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage"},"image":{"@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp","datePublished":"2021-12-21T11:05:49+00:00","dateModified":"2022-08-22T04:00:42+00:00","author":{"@id":"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/b8bb7559a8371e90b8fe8008d3a3ae3d"},"description":"Since Hexnode and its dependencies do not use the Apache Log4j libraries, we can confirm that Hexnode is NOT susceptible to the Log4j vulnerabilities.","breadcrumb":{"@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#primaryimage","url":"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp","contentUrl":"https:\/\/cdn.hexnode.com\/blogs\/wp-content\/uploads\/2021\/12\/Log4j-vulnerability-Hexnode-is-not-affected.png?format=webp","width":1280,"height":688,"caption":"Log4j vulnerability - Hexnode is not affected"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hexnode.com\/blogs\/log4j-vulnerability-hexnode-is-not-affected\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hexnode.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Log4j vulnerability \u2013 Hexnode is not affected"}]},{"@type":"WebSite","@id":"https:\/\/www.hexnode.com\/blogs\/#website","url":"https:\/\/www.hexnode.com\/blogs\/","name":"Hexnode Blogs","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hexnode.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/b8bb7559a8371e90b8fe8008d3a3ae3d","name":"Apu Pavithran","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hexnode.com\/blogs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7c41da2eaa38427029218fe628ceacbca31697ee08bbbfe982a102339a76debe?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7c41da2eaa38427029218fe628ceacbca31697ee08bbbfe982a102339a76debe?s=96&d=mm&r=g","caption":"Apu Pavithran"},"description":"Founder and Chief Executive Officer","url":"https:\/\/www.hexnode.com\/blogs\/author\/apupavithran\/"}]}},"_links":{"self":[{"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/posts\/15890","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/comments?post=15890"}],"version-history":[{"count":14,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/posts\/15890\/revisions"}],"predecessor-version":[{"id":19829,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/posts\/15890\/revisions\/19829"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/media\/15917"}],"wp:attachment":[{"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/media?parent=15890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/categories?post=15890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexnode.com\/blogs\/wp-json\/wp\/v2\/tags?post=15890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}