Nectar Response to Apache Log4j Vulnerability
- 26 Jan 2022
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Nectar Response to Apache Log4j Vulnerability
- Updated on 26 Jan 2022
- 1 Minute to read
- Contributors
- Print
- DarkLight
- PDF
Article Summary
Issue Updated Jan 14, 2022
Overview
A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228. This advisory also covers CVE-2021-45046 and CVE-2021-4104.
Similar to other users of Apache Log4j, Nectar has investigated to determine which products and internal systems may be affected by this. Maintaining the safety and security of all Nectar products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.
Contents
Affected Products
Nectar has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.
If you are using Nectar products other than those explicitly listed below, no further action is required by you at this time. Nectar DXP (formally Nectar 10), UC Diagnostics, CX Assurance and the Endpoint Client do not use Log4J in any way.
Product | Mitigation |
Foundation RIG | Update to version 2021.3 or 8.7.5 |
Foundation CIP | Update to 7.4.1.3 (Log4J v2.6.2 with JndiLookup removed) Update to 5.5.4.19 (Log4j v2.12.4, not vulnerable) |
For any questions or assistance with upgrading, please contact Nectar’s Support Team aby emailing support@nectarcorp.com or calling 1-888-811-8647
Additional Resources
- External: CVE-2021-44228
- External: CVE-2021-45046
- External: CVE-2021-4104
- External: CISA Log4j Vulnerability Guidance
Was this article helpful?