Is Hexnode vulnerable to log4j(CVE-2021-44228)?

expand collapsive

Hi team,

I came across this article lately https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/

Would like to know if Hexnode is vulnerable to log4j(CVE-2021-44228).

All Replies

  • Hexnode

    Catherine

    Keymaster

    Hello @clauss,

    Thanks for contacting us,

    Log4j is a Java software library used to log error messages in applications. This week, it was reported that attackers exploited a flaw within this software library.

    The CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j 2 where an attacker who takes control over the log messages and log message parameters runs arbitrary code loaded from LDAP servers. Apache Log4j2 versions, including 2.16.1 and higher, are vulnerable to this attack.

    Fortunately, Hexnode has not identified any impact of the Log4j vulnerability CVE-2021-44228 because neither our server network nor the applications use this logging package.

    Have a look at our official statement on Log4j vulnerability.

    Regards,

    Catherine George