Nectar Response to Apache Log4j Vulnerability
    • 26 Jan 2022
    • 1 Minute to read
    • Dark
      Light
    • PDF

    Nectar Response to Apache Log4j Vulnerability

    • Dark
      Light
    • PDF

    Article summary

    Issue Updated Jan 14, 2022

    Overview

    A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228. This advisory also covers CVE-2021-45046 and CVE-2021-4104.

    Similar to other users of Apache Log4j, Nectar has investigated to determine which products and internal systems may be affected by this. Maintaining the safety and security of all Nectar products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.

    Contents

    Affected Products

    Nectar has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.

    If you are using Nectar products other than those explicitly listed below, no further action is required by you at this time.  Nectar DXP (formally Nectar 10), UC Diagnostics, CX Assurance and the Endpoint Client do not use Log4J in any way.

    Product

    Mitigation

    Foundation RIG

    Update to version 2021.3 or 8.7.5

    Foundation CIP

    Update to 7.4.1.3 (Log4J v2.6.2 with JndiLookup removed)

    Update to 5.5.4.19 (Log4j v2.12.4, not vulnerable)

     

    For any questions or assistance with upgrading, please contact Nectar’s Support Team aby emailing support@nectarcorp.com or calling 1-888-811-8647

    Additional Resources

     

     

     


    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence