How to protect against Log4j Vulnerability

Bob Deleeck
15 December 2021

Log4j affects thousands of companies worldwide!

The Internet is being shaken up by a bug in Log4j. The vulnerability has been named Log4Shell and affects almost all software vendors, and thus many companies worldwide.

If you want to read about Apache CVE-2021-44228 in more detail, see the "Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild" written by Martin Zugec.

You can check your applications against this list of all known affected software: "List of software (un)affected by the log4shell CVEs".


Because many vendors and software packages use the log4j component, this needs your immediate attention.

Below you will find information about the Log4j impact for the following vendors:


Rubrik 

Rubrik has issued a new critical security bulletin RBK-20211210-V0030, in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10, named CVE-2021-44228.

What Rubrik products are impacted?

Rubrik has determined that Polaris and all CDM 6.0, 5.3, and 5.2 versions are not vulnerable to known LDAP server attack vectors. All current Rubrik software platform versions run JDK versions that are not affected by the Log4j vulnerability. In addition, Rubrik used known LDAP attack vectors to conduct multiple proof-of-concept attacks on Rubrik Polaris and CDM, but none of them were successful.
 
Resolution:

Although CDM and Polaris cannot be directly exploited through the LDAP attack vector, Rubrik plans to release a patch that applies the recommended Log4j changes by setting the “log4j2.formatMsgNoLookups” system property. Once the CDM patch is available (CDM 6.0.2-p1, 5.3.3-p5, and 5.2.3-p8), Rubrik recommends that all customers arrange to upgrade to the latest CDM version. Rubrik will automatically deploy the changes to all Polaris environments. The CDM patch and Polaris platform update will be available from December 13, 2021, as Rubrik will complete testing over the weekend.
 

Workaround:
No workaround
 
 

VMware

VMware has issued a new critical security bulletin VMSA-2021-0028 in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10, named CVE-2021-44228.

What VMware products are impacted?

This list is not yet final and therefore subject to change.

VMware Horizon
VMware vCenter Server
VMware HCX
VMware NSX-T Data Center
VMware Unified Access Gateway
VMware WorkspaceOne Access
VMware Identity Manager
VMware vRealize Operations
VMware vRealize Operations Cloud Proxy
VMware vRealize Log Insight
VMware vRealize Automation
VMware vRealize Lifecycle Manager
VMware Telco Cloud Automation
VMware Site Recovery Manager, vSphere Replication
VMware Carbon Black Cloud Workload Appliance
VMware Carbon Black EDR Server
VMware Tanzu GemFire
VMware Tanzu Greenplum
VMware Tanzu Operations Manager
VMware Tanzu Application Service for VMs
VMware Tanzu Kubernetes Grid Integrated Edition
VMware Tanzu Observability by Wavefront Nozzle
Healthwatch for Tanzu Application Service
Spring Cloud Services for VMware Tanzu
Spring Cloud Gateway for VMware Tanzu
Spring Cloud Gateway for Kubernetes
API Portal for VMware Tanzu
Single Sign-On for VMware Tanzu Application Service
App Metrics
VMware vCenter Cloud Gateway
VMware Tanzu SQL with MySQL for VMs
VMware vRealize Orchestrator
VMware Cloud Foundation
VMware Workspace ONE Access Connector
VMware Horizon DaaS
VMware Horizon Cloud Connector
VMware NSX Data Center for vSphere
VMware AppDefense Appliance

Resolution:
Fixes for CVE-2021-44228 are documented in the ‘Fixed Version’ column of the ‘Response Matrix’ here: https://www.vmware.com/security/advisories/VMSA-2021-0028.html.

Workaround:
Workarounds for CVE-2021-44228 are documented in the ‘Workarounds’ column of the ‘Response Matrix’ here: https://www.vmware.com/security/advisories/VMSA-2021-0028.html.

 

 

Nutanix

Nutanix has issued a new critical security bulletin Security Advisory 0023, in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10, named CVE-2021-44228.

What Nutanix products are impacted?

This list is not yet final and therefore subject to change.

AOS (All supported versions)
Prism Central (All supported versions)
Volumes (All supported versions)
Sizer

All other services are being investigated.

Resolution:
No solution is yet available.

Workaround:

Currently, there is no workaround available. Nutanix SaaS-based applications have WAF filters enabled to provide temporary protection.

Please keep an eye on this advisory (Security_Advisory_0023), as Nutanix will update that document if a patch or workaround becomes available.
 
 

Citrix

Citrix has issued a new critical security bulletin CTX335705 in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10, named CVE-2021-44228.

What Citrix products are impacted?

As of this moment, no Citrix products are known to be impacted.

However, Citrix is still investigating the possible impact of this vulnerability on its products.

Resolution:
Please keep an eye on this Citrix article to stay up to date about the impact on Citrix products: https://support.citrix.com/article/CTX335705

Workaround:
Please keep an eye on this Citrix article to stay up to date about the impact on Citrix products: https://support.citrix.com/article/CTX335705
 
 

NVIDIA

 
NVIDIA has issued a new critical security bulletin 5293 in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10 named CVE-2021-44228.
 
What NVIDIA products are impacted:
  • vGPU Software License Server 2021.07 and 2020.05 Update 1 
Resolution:
None.

Workaround:
To mitigate this issue, please follow the instructions in “Log4j Java Vulnerability (CVE-2021-44228) for Legacy vGPU Software License Server” in the NVIDIA knowledge base, which you can find here: https://enterprise-support.nvidia.com/s/article/Log4j-Java-Vulnerability-CVE-2021-44228-for-vGPU-Legacy-License-Server
 
 

Awingu

Awingu has issued a new critical security bulletin in response to industry issues regarding the open-source Apache Software Foundation log4j Java logging component, a critical vulnerability with a CVSSv3 score of 10 out of 10 named CVE-2021-44228.

What Awingu products are impacted: 
Awingu appliance

Resolution:
The Awingu 5.4.2 maintenance release is now live. We recommend upgrading as soon as possible. 

Workaround:
None.

 

Bob Deleeck is a co-founder at Agisko and has over 15 years of experience in the field of virtualization, business, and application continuity.
