Is Hexnode vulnerable to log4j(CVE-2021-44228)?Solved

Participant
Discussion
3 years ago

Hi team,

I came across this article lately https://www.zdnet.com/article/log4j-zero-day-flaw-what-you-need-to-know-and-how-to-protect-yourself/

Would like to know if Hexnode is vulnerable to log4j(CVE-2021-44228).

Replies (1)

Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review

Hello @clauss,

Thanks for contacting us,

Log4j is a Java software library used to log error messages in applications. This week, it was reported that attackers exploited a flaw within this software library.

The CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j 2 where an attacker who takes control over the log messages and log message parameters runs arbitrary code loaded from LDAP servers. Apache Log4j2 versions, including 2.16.1 and higher, are vulnerable to this attack.

Fortunately, Hexnode has not identified any impact of the Log4j vulnerability CVE-2021-44228 because neither our server network nor the applications use this logging package.

Have a look at our official statement on Log4j vulnerability.

Regards,

Catherine George

  • This reply was modified 2 years, 10 months ago by  Catherine.
  • This reply was modified 2 years, 10 months ago by  Michelle.
  • This reply was modified 2 years, 8 months ago by  Catherine.
  • This reply was modified 2 years, 8 months ago by  Catherine.
  • This reply was modified 2 years, 7 months ago by  Catherine.