NEWS
vScope and Apache Log4j (CVE-2021-44228, CVE-2021-4104)
Summary
- vScope is not using Log4j2
- vScope is not using JNDI or JMSAppender
…and is not affected by neither CVE-2021-44228 nor CVE-2021-4104.
Background
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. It allows an attacker to execute arbitrary code by injecting attacker-controlled data into a logged message.
Read more at:
https://www.cve.org/CVERecord?id=CVE-2021-44228
Is vScope affected?
vScope uses Log4j 1.x which is not affected by CVE-2021-44228 (http://slf4j.org/log4shell.html). As Log4j 1.x does not offer the look-up mechanism used in the exploit, it does not suffer from CVE-2021-44228.
There has been another CVE created for Log4j 1.x, CVE-2021-4104, which states:
“…Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.”
vScope is not configured to use JNDI or JMSAppender and is therefore not affected of CVE-2021-4104.
How can vScope help?
We have written a guide showing how you can use vScope to identify potential vulnerabilities in your IT. Find the blog post here: https://www.vscope.net/blog/two-reports-to-find-out-where-you-are-using-log4j/.
We carefully follow this issue and will update this post if any important news surface. If you have any questions you can reach out to customersuccess@infrasightlabs.com.
Subscribe to our Newsletter
Let us share product updates, news, and market insights directly to your inbox.
More from us…
New vScope Content Update: Stay Up-to-Date with Enhanced IT Documentation
October 30, 2024 · Anton Berghult · Content · 2 min New IT Service Layouts & Documentation Templates in vScope With our latest update, we have added more bundled content to help you excel
Section Separators for a more customized Dashboard experience
October 29, 2024 · Anton Berghult · Dashboard · 2 min Enhance Your Dashboard Experience with Section DividersElevate your dashboard with new widgets for organizing content into sections! vScope's latest feature, Section Dividers, allows
How Updated Documentation and TPM Insights Simplify Your Windows 11 Migration
October 22, 2024 · Anton Berghult · IT Documentation · 3 min How Effective IT Documentation Simplifies Your Windows 11 Migration Migrating to Windows 11 is a critical upgrade for many IT departments, providing enhanced
How to Keep Your Software Up-to-Date and Why It Matters
NEWS How to Keep Your Software Up-to-Date and Why It Matters Software plays a critical role in every business's daily operations, from communication to data management. But keeping software up-to-date is
vScope 3.30.0
vScope 3.30 3.30.9 December 16, 2024 🎆 Review your IT environment 2024 with vScope It's that time of the year when companies wrap a yearly summary for their user to explore. And this year,
Tracker’s got a new look
NEWS Let vScope track anomalies and changes for you Start off your week with a new fresh look of vScope's popular alerting tool – Tracker. Setting up cases to keep track