Nectar Response to Apache Log4j Vulnerability
  • 26 Jan 2022


Issue Updated Jan 14, 2022

Overview

A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228. This advisory also covers CVE-2021-45046 and CVE-2021-4104.

Similar to other users of Apache Log4j, Nectar has investigated to determine which products and internal systems may be affected by this. Maintaining the safety and security of all Nectar products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.

Affected Products

Nectar has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.

If you are using Nectar products other than those explicitly listed below, no further action is required by you at this time. Nectar DXP (formerly Nectar 10), UC Diagnostics, CX Assurance and the Endpoint Client do not use Log4J in any way.

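| Product        | Mitigation                                               |
|----------------|----------------------------------------------------------|
| Foundation RIG | Update to version 2021.3 or 8.7.5                        |
| Foundation CIP | Update to 7.4.1.3 (Log4J v2.6.2 with JndiLookup removed) |
|                | Update to 5.5.4.19 (Log4j v2.12.4, not vulnerable)       |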

For any questions or assistance with upgrading, please contact Nectar’s Support Team by emailing support@nectarcorp.com or calling 1-888-811-8647.
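
One way to confirm the "JndiLookup removed" mitigation listed in the table on a deployed archive, given as an added example that is not Nectar's code. It assumes the class sits at the standard log4j-core path `org/apache/logging/log4j/core/lookup/JndiLookup.class`; the function names and sample archives are constructed for illustration.

```python
import io
import sys
import zipfile

# Standard location of the class inside log4j-core 2.x; suffix match also catches shaded/relocated copies.
JNDI_SUFFIX = "core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data, name="<archive>", depth=0, max_depth=5):
    """Return the path (outer!inner!...) of every archive that still holds JndiLookup.class."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive (or corrupt): nothing to report
    with zf:
        for info in zf.infolist():
            if info.filename.endswith(JNDI_SUFFIX):
                hits.append(name)
            elif info.filename.lower().endswith(ARCHIVE_EXTS) and depth < max_depth:
                # Fat jars and WARs bundle log4j-core as a nested archive; recurse into it.
                nested = f"{name}!{info.filename}"
                hits += find_jndi_lookup(zf.read(info), nested, depth + 1, max_depth)
    return hits


def make_jar(entries):
    """Build an in-memory archive from {entry name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, body in entries.items():
            zf.writestr(entry, body)
    return buf.getvalue()


# Constructed samples (placeholder bytes, not real class files).
LOGGER = "org/apache/logging/log4j/core/Logger.class"
STRIPPED = make_jar({LOGGER: b"\x00"})
UNPATCHED = make_jar({LOGGER: b"\x00", "org/apache/logging/log4j/" + JNDI_SUFFIX: b"\x00"})
FAT_WAR = make_jar({"WEB-INF/lib/log4j-core.jar": UNPATCHED, "WEB-INF/lib/other.jar": STRIPPED})

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = find_jndi_lookup(fh.read(), path)
        print(f"{path}: " + ("JndiLookup present in " + ", ".join(found) if found else "JndiLookup not found"))
```

A clean result shows only that the class is absent from the archives scanned; it does not check which Log4j version is installed.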
