• Case Lookup
  • Emerge Login
Locate Us
Join Us
Français
Compugen logo Home
  • Business Solutions ^
    • Business Solutions
    • Datacentre & Cloud ^
      • Datacentre & Cloud
      • Converged Datacentre
      • Cloud Computing
      • Server Virtualization
      • Enterprise Storage
      • Data Management & Protection
    • Communication & Collaboration ^
      • Communication & Collaboration
      • Business Communications
      • Networking
      • Wireless
    • End User Computing ^
      • End User Computing
      • Desktop Management
      • Mobility
      • Application Delivery
    • Security
  • Products & Services ^
    • Products & Services
    • Managed & Packaged Services ^
      • Managed & Packaged Services
      • Managed Solutions
      • End User Support
      • Infrastructure Support
      • Software Management
      • Managed Print
      • Packaged Services
    • Professional Services ^
      • Professional Services
      • Program & Project Management
    • Support & Maintenance ^
      • Support & Maintenance
      • Imaging & Deployment
      • Ongoing Maintenance
      • Staffing
    • Asset Disposal & Recycling
    • Hardware & Software Management ^
      • Hardware & Software Management
      • Hardware
      • Software
      • Online Lifecycle Management (Emerge)
    • Financing
  • Industry ^
    • Industry
    • K-12 Education
    • Higher Education
    • Heathcare
    • Retail
    • SMB
  • Learning Center ^
    • Learning Center
    • Blog
    • Customer Stories
    • Events & Training
    • News & Awards
    • Resources
  • About ^
    • About
    • Our Story
    • Leadership
    • Our Offices
    • Our Partners
    • Careers ^
      • Careers
      • Current Opportunities
    • Green Initiatives
    • Community Involvement
  • Contact Us
IT Buzz Banner

Looking for a little inspiration, some ideas or trusted advice? We've got you covered.

Responding to the Log4j Vulnerability

Posted By Michelle Nuefeld December 15, 2021

Screen Shot 2021 12 15 at 5 22 04 PM

Click here for a message from Marc Perreault our Director, Security Operations

A critical software vulnerability has been identified and is considered to be one of the most widespread security concerns in recent years. It is gaining global attention due to the prevalence of the code within almost every major technology vendor in the market.

How significant is the impact?

It scores a 10/10 on the Common Vulnerability Scoring System, meaning it is very high risk and easy for malicious actors to exploit.  

How does it work?

This code is often used in web-based applications. If these applications are accessible from outside your organization, e.g. on a website, they can be easily exploited by malicious attackers to enter your environment. The vulnerability allows attackers to send a random request to the Apache Log4j library and use remote code execution (RCE) to send commands to the host computer for malicious purposes. Once a connection is established, the attacker can effectively use the machine to spread malware, set up persistence mechanisms, exfiltrate data, etc.  

Where is the vulnerability found?

The vulnerability resides within the Apache Log4j library (versions 2.0 – 2.14.1) which is widely utilized code across all major technology vendors. Please see the links below for specific information.

How can I protect my environment?

1. If you are not certain what hosts or applications on your network are leveraging the Log4j library, the best mitigation path is to ensure that your firewalls and Intrusion Prevention and Detection systems are up to date with the Log4j signature and set to block detections. This will prevent the ability of an attacker to exploit the vulnerability.

2. Within Apache: If you are aware of the hosts of applications that use the Log4j library within Apache, you can upgrade to the newest version via Apache located here: Log4j – Download Apache Log4j 2.

Within other applications: For all applications that are provided by vendors other than Apache that are using the Log4j library, customers are encouraged to contact their vendor partners to determine which products are affected and how to mitigate those vulnerable versions.

We have listed some technology vendor links below. This list is not exhaustive. Please check for patches with all application vendors within your environment.

3. If the service or application isn’t critical, the system should be shut down until proper patching or IPS rules are in place.

Compugen can assist with the mitigation methods above if you require. Please contact your Account Executive or Service Delivery Manager for more details on how we can help.

Vendor notices regarding the Log4j security vulnerability:

Cisco
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-apache-log4j-qRuKNEbd.html?dtid=osscdc000283  

Microsoft
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ 

VMWare
https://blogs.vmware.com/cloud/2021/12/11/vmsa-2021-0028-log4j-what-you-need-to-know/?utm_source=rss&utm_medium=rss&utm_campaign=vmsa-2021-0028-log4j-what-you-need-to-know 

HPE
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00120086en_us

Palo Alto
https://security.paloaltonetworks.com/CVE-2021-44228

Citrix
https://support.citrix.com/article/CTX335705

Security

< Previous Article

Hybrid multicloud is nothing less than inevitable

Next Article >

How to manage ever-growing data in a cloud environment

We address the bottom of the iceberg. Sign up and get relevant and timely content about our approach to business through an IT lens.

Navigation

Business Solutions

  • Industry
  • Datacentre & Cloud
  • Communication & Collaboration
  • End User Computing
  • Security

Products & Services

  • Managed & Packaged Services
  • Professional Services
  • Support & Maintenance
  • Asset Disposal & Recycling
  • Hardware & Software Management
  • Financing

Customer Stories

  • Corporate
  • Education
  • Energy and Utilities
  • Finance
  • Healthcare
  • Non-profit
  • Public Sector
  • Retail

About

  • Our Story
  • Leadership
  • Our Offices
  • Our Partners
  • Green Initiatives
  • Community Involvement
  • Awards

Careers

  • Working at Compugen
  • Current Opportunities

Contact

  • Find A Location

News & Articles

  • Find A Location
  • Awards

Client Login

  • Case Lookup
  • Emerge Login

Industry

  • K-12 Education
  • Healthcare
  • Higher Education
  • Retail
  • SMB

Connect With Us

  • twitter
  • facebook
  • linkedin
IT Buzz
  • Privacy Policy
  • Accessibility
  • Terms & Conditions
  • National Master Standing Offers (NMSO)
  • Terms of Product Sales
  • Terms for the Supply of Services

©2023, Compugen Inc. Website by Caffeine Creations.