Every Christmas for the last while we have been getting security alerts: last year it was the SolarWinds issues, and this year it is Log4Shell/Log4J, CVE-2021-44228, with a CVSS score of 10 (the highest score).
Is the Log4Shell or Log4J vulnerability an issue for Opmantek?
No. Opmantek products do not use Java or Log4J. See more details here: Opmantek Products and Apache Log4J Vulnerability.
What is the Log4Shell Vulnerability?
Log4Shell is a zero-day vulnerability in Log4J that allows attackers to execute arbitrary Java code on remote computers, including accessing sensitive information. The CVSS score is 10, the highest possible score. You can read more details here: Log4Shell – Wikipedia.
What is Apache Log4J?
Apache Log4J is a popular library used by many products written in Java. It provides a consistent way for applications to log messages including information, debug, errors, etc. It has become the primary way Java applications do logging and is widely used.
How can Opmantek help you find computers that are using Log4J?
Log4J is a Java library, which means its files are installed on the computer and loaded by Java when the program runs. You can search for these files using Linux commands to determine whether they exist on the server.
You can find a handy How-To guide here: Using opConfig to Detect Log4j on a server
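The file search described above, as an added shell example (not Opmantek's code and not taken from the opConfig how-to): it lists Log4J jar files under the directories you name and reports the version embedded in each file name. It assumes the standard Apache artifact file names; the script name `find_log4j.sh` in the comment is hypothetical.

```shell
#!/bin/sh
# Added example (not Opmantek code): list Log4J library files under given directories.
# Prints one line per hit: "<version><TAB><path>", version taken from the file name.
# The file name patterns are assumptions based on the standard Apache artifact names:
#   log4j-core-<version>.jar  (Log4J 2.x, the library affected by CVE-2021-44228)
#   log4j-1.<x>.jar           (Log4J 1.x)

find_log4j_files() {
    # Permission errors from unreadable directories are discarded.
    find "$@" -type f \( -name 'log4j-core-*.jar' -o -name 'log4j-1.*.jar' \) 2>/dev/null |
    while IFS= read -r path; do
        file=${path##*/}                  # strip the directory part
        version=${file%.jar}              # strip the extension
        version=${version#log4j-core-}    # Log4J 2.x prefix
        version=${version#log4j-}         # Log4J 1.x prefix
        printf '%s\t%s\n' "$version" "$path"
    done
}

# Scan the directories named on the command line,
# e.g. (hypothetical script name): sh find_log4j.sh /opt /usr /srv
[ "$#" -eq 0 ] || find_log4j_files "$@"
```

Matching on file names misses copies of Log4J bundled inside other archives, such as .war files or shaded .jar files, so an empty result is not proof that a server is free of the library.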
The Log4Shell vulnerability is a serious one and should be treated as such. Opmantek’s software is not vulnerable to Log4Shell, and if you are using Opmantek software you can use opConfig to help you find the computers which need to be patched.