Hi team,
I came across this article lately https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/
Would like to know if Hexnode is vulnerable to log4j(CVE-2021-44228).
661 Views
Replies (1)
Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review
Hello @clauss,
Thanks for contacting us,
Log4j is a Java software library used to log error messages in applications. This week, it was reported that attackers exploited a flaw within this software library.
The CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j 2 where an attacker who takes control over the log messages and log message parameters runs arbitrary code loaded from LDAP servers. Apache Log4j2 versions, including 2.16.1 and higher, are vulnerable to this attack.
Fortunately, Hexnode has not identified any impact of the Log4j vulnerability CVE-2021-44228 because neither our server network nor the applications use this logging package.
Have a look at our official statement on Log4j vulnerability.
Regards,
Catherine George
-
Expand
Save
Copy link
Scroll to top
